31 October 2024.

Over the past year, The Hacker News has periodically published articles warning readers of the latest WordPress CMS security concern.

WordPress concerns most likely feature prominently in such articles because it has a very large global user base.

It therefore forms a much bigger, juicier target for hackers.

Joomla! CMS users should however not be complacent.

They should instead review and tighten their website security.

The Hacker News usually recommends in its articles that CMS owners should:

  • add Two-factor Authentication to their website's Dashboard, and
  • check they are using the latest version of their CMS and any extensions (or add-ons)

to reduce the risk of their website being compromised in this way.

26 November 2024.

Installed on over 200,000 WordPress sites, CleanTalk's Spam Protection Anti-Spam FireWall Plugin is advertised as a "universal anti-spam plugin" that blocks spam comments, registrations, surveys, and more.

Two critical security flaws could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution.

Read more: CleanTalk's Spam Protection Anti-Spam FireWall Plugin exposes 200,000+ sites

18 November 2024.

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress which could allow an attacker to remotely gain full administrative access to a susceptible site.

Read more: Critical WordPress plugin vulnerability exposes over 4 million sites

31 October 2024.

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability has been addressed in version 6.5.2 of the plugin.

Read more: LiteSpeed Cache Plugin vulnerability poses significant risk to WordPress websites

15 October 2024.

The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site.

Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive suite of tools to improve site safety, performance, and traffic growth. It's used on 27 million WordPress sites, according to its website.

The issue is said to have been identified by Jetpack during an internal security audit and has persisted since version 3.9.9, released in 2016.

While there is no evidence that the vulnerability has ever been exploited in the wild, there is a likelihood that it could be abused going forward in light of public disclosure.

Read more: WordPress Plugin Jetpack patches major vulnerability affecting 27 million sites

4 October 2024.

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions.

Read more: LiteSpeed Cache Plugin Security Flaw Exposes WordPress Sites to XSS Attacks

6 September 2024.

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts.

Read more: Critical security flaw found in LiteSpeed Cache Plugin for WordPress

22 August 2024.

Critical flaw in WordPress LiteSpeed Cache Plugin allows hackers admin access.

Read more: Critical flaw in WordPress LiteSpeed Cache Plugin allows hackers admin access

21 August 2024.

GiveWP WordPress Plugin vulnerability puts 100,000+ websites at risk.

Read more: GiveWP WordPress Plugin vulnerability puts 100,000+ websites at risk

25 June 2024.

Multiple WordPress plugins being exploited by hackers.

Read more: Multiple WordPress plugins compromised

28 May 2024.

WordPress plugin exploited to steal credit card data from e-commerce websites.

Read more: WordPress plugin exploited to steal credit card data

8 May 2024.

Hackers exploiting LiteSpeed Cache bug to gain full control of WordPress sites.

Read more: Hackers exploiting LiteSpeed Cache bug to gain full control of WordPress sites

26 April 2024.

Hackers exploiting WP-Automatic plugin bug to create admin accounts on WordPress websites.

Read more: Hackers exploiting WP-Automatic plugin bug to create admin accounts on WordPress sites

3 April 2024.

Critical security flaw found in popular WordPress plugin.

Read more: Critical security flaw found in popular LayerSlider WordPress plugin

18 March 2024.

WordPress admins urged to remove miniOrange plugins.

Read more: WordPress admins urged to remove miniOrange plugins due to critical flaw

12 March 2024.

Malware campaign exploits 3,900+ WordPress sites.

Read more: Malware campaign exploits 3,900+ WordPress sites using Popup Builder WordPress plugin

27 Feb 2024.

WordPress LiteSpeed Plugin vulnerability.

Read more: WordPress LiteSpeed Plugin vulnerability puts 5 Million sites at risk

27 Feb 2024.

WordPress Plugin Alert - Critical SQLi vulnerability threatens 200K+ websites.

Read more: WordPress Plugin Alert - Critical SQLi vulnerability threatens 200K+ websites

20 Feb 2024.

WordPress Bricks Theme under active attack: critical flaw impacts 25,000+ sites.

Read more: WordPress Bricks Theme under active attack

15 Jan 2024.

Balada Injector infects over 7,100 WordPress sites using plugin vulnerability.

Read more: Balada Injector infects over 7,100 WordPress sites

 

What can you do to protect your Joomla! CMS?

Inclusion of Multi-factor Authentication in the Joomla! 5 CMS (first introduced with Joomla! 4) is a useful initiative by The Joomla! Project.

Using one of the available plugins with your website is now relatively straightforward.

Read more: Multi-factor Authentication.

You should also password protect your website's Administrator directory.

This can be achieved via the Hosting Control Panel included with your Hosting Account.

Example: cPanel users can enable Directory Privacy via the Files panel of the cPanel Dashboard.

Read more: cPanel Dashboard.

Be bold, add a Web Application Firewall to your website.

Akeeba Admin Tools PRO supports password protection and the use of a secret URL to cloak your website's Administrator directory URL.

It also includes a host of other security enhancements.

Read more: Web Application Firewall.

 

About The Hacker News

"The Hacker News (THN) stands as a top and reliable source for the latest updates in cybersecurity. As an independent outlet, we offer balanced and thorough insights into the cybersecurity sector, trusted by professionals and enthusiasts alike."

Subscribe to The Hacker News newsletter when you visit the following link.

And keep up to speed with the latest security threats affecting your Operating System, Web Browser and Website.

Read more: About 'The Hacker News' Media

 

Make Joomla! CMS Security your #1 Priority

We offer Joomla! coaching, help and support to businesses and organisations across Cheshire, Manchester, Merseyside, North West England & the UK.

Learn how to manage Joomla! website security.
