Managed hosting specialist Future Hosting has issued a warning to owners of new WordPress sites. With headquarters in Southfield, Michigan, United States, Future Hosting provides a suite of products and services which include traditional web hosting alongside dedicated servers and Virtual Private Servers (VPS). The company has alerted owners of a report by WordFence - the makers of a Security Plugin for WordPress - that suggested a “new wave of attacks targeting fresh WordPress installations” may be possible.
WordPress is Open Source (OS) software that is available free of charge. Originally a blogging solution, it has become the leading Content Management System (CMS) and can be used to develop simple websites and even the most complex of sites. It benefits from the support of a global pool of talent that produces addons and themes that change the way WordPress operates and looks. This is one reason why it represents such a cost-effective solution for smaller businesses.
To install WordPress, files are generally uploaded to a web hosting server. Unfortunately, new installations show an interface that is “used to submit essential configuration data, including login and database credentials”. As this interface is not protected, it makes new and incomplete installations open to compromise. Attackers can gain control of a site through this vulnerability and install “custom plugins and execute arbitrary PHP code” for their own benefit.
“We host thousands of WordPress sites on our VPS and dedicated server hosting platform,” explained Future Hosting’s Vice President of Operations, Maulesh Patel. “We hope to raise awareness of the risk inherent in leaving a fresh WordPress install in its default state. WordPress installations uploaded manually or via a script should be completed immediately.”
Have you been impacted by this WordPress vulnerability? Let us know the details. What happened?