How Hackers Abuse Leaked Passwords for Profit

Fioravante Souza posted: " Here at Jetpack, we have noticed an increase in the number of sites affected with a fake plugin ingeniously called: WordPress Editor. And since it's been happening more frequently, we decided to write about it. Before we go any further, if you have th" New post on Jetpack: WordPress Security, Performance, and Growth How Hackers Abuse Leaked Passwords for Profit by Fioravante Souza Here at Jetpack, we have noticed an increase in the number of sites affected with a fake plugin ingeniously called: WordPress Editor. And since it's been happening more frequently, we decided to write about it. Before we go any further, if you have this plugin installed and activated on your WordPress site, you should immediately follow these steps: Remove the plugin. Change your current admin password and make sure to use a strong one. Review all admin users; if the attacker had access to your site they may have created new users. Change passwords for any other valid admin accounts. Enable 2FA for all admin accounts. Now, with that out of the way, let's see what this bad code does. Continue reading "How Hackers Abuse Leaked Passwords for Profit" Fioravante Souza | February 22, 2021 at 11:00 am | Categories: Security | URL: https://wp.me/p1moTy-uQX Unsubscribe to no longer receive posts from Jetpack: WordPress Security, Performance, and Growth. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: http://jetpack.com/2021/02/22/how-hackers-abuse-leaked-passwords-for-profit/ Thanks for flying with WordPress.com