With the holiday shopping season in full swing, shoppers are descending on virtual storefronts in droves seeking the best deals.  Naturally, this means that hackers are also circling like sharks watching for an opportunity to steal data and profit from it.

Their most recent trick?  To infect random WordPress plugins with malicious code that can be activated later to harvest and exfiltrate payment card information.

WordPress has gotten pretty good at ferreting out malicious code residing in the 'wp-includes' and 'wp-admin' directories. Those are the places that most other anti-malware software looks first. So malicious code that relies on being in either of those directories doesn't tend to last long enough to pay dividends to the hackers.

Naturally, this has prompted them to find workarounds. This year's big evolution in the ongoing war between hackers and security professionals seems to be hiding code in places that not many would think to look for it.

So far that seems to be working out well for the hackers and card scraping type attacks are on the rise again this year.

The good news is that if you have a WordPress eCommerce site and want to minimize your risk there are several things you can do.

Here are the Big Three:

  • Restrict and closely monitor access to your 'Wp-admin' folder. Only specific trusted IP addresses should have access to this folder.
  • File integrity monitoring via active server-side scanning. That way if code changes on your website you'll know about it almost immediately.
  • And make sure your IT staff is reviewing log files on a regular basis. Even if a hacker manages to slip something past your defenses it's either going to be reflected in the log file or there will be a conspicuous absence which should raise a red flag.

The holiday season is a very big deal to online vendors but it also carries some risk.  Make sure you're minimizing yours.



Would you like to be a Power User? Sign up for "The Fix" our Mac Tips and Tricks newsletter here.
If you have any questions you can reach The MacGuys+ at 763-331-6227 or schedule an on-site visit here
Mac IT for the Minneapolis, St. Paul, Twin Cities Metro, and Western WI Area! Nation Wide, Co-Managed, Work Anyplace Mac IT Support.

Used with permission from Article Aggregator