WordPress sites are being hit by sneaky code that can steal credit card data

WordPress website owners, beware! A recent discovery by researchers at Sucuri exposes a sneaky attack method targeting online stores. This post walks through the details of this vulnerability, how it works, and the best practices for protecting your website and your customers' sensitive information.

Dessky Snippets Vulnerability

The culprit behind this attack is a vulnerability within a lesser-known WordPress plugin called Dessky Snippets. This plugin allows website administrators to add custom PHP code to their sites, offering some level of customization. Unfortunately, attackers are exploiting a security weakness in Dessky Snippets to install malicious code on unsuspecting websites.

Targeting Online Stores

Sucuri's report highlights that attackers specifically targeted websites with online shops built using the popular WooCommerce plugin. Once they identified a vulnerable Dessky Snippets installation, they used the vulnerability to inject malicious server-side PHP code. This code acted as a credit card skimmer, silently capturing sensitive payment information entered by customers during checkout.

Fake Checkout Forms

The malicious code didn't stop at simply lurking in the background. Sucuri's researchers discovered it actively modified the website's checkout process. Imagine a customer going through the usual checkout steps on your WooCommerce store. Behind the scenes, the malicious code would inject a fake checkout form on top of the real one. This fake form would look very similar to the legitimate one, requesting the customer's name, address, credit card number, expiry date, and CVV code.

Disabling Autocomplete: A Red Flag

One crucial detail to remember is that autocomplete functionality was disabled on these fake forms. This means that a customer's browser wouldn't automatically fill in their information the way it usually does on legitimate checkout pages. Sujee strongly suggests paying close attention to your checkout form's behavior. A legitimate checkout form shouldn't disable autocomplete. If you see this red flag, it's a good idea to investigate further and consider contacting your hosting provider for assistance.
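The two warning signs described above, card fields with autocomplete switched off and a second checkout form layered over the real one, can be checked mechanically against the HTML your checkout page actually serves. The script below is an added example written for this post; it is not code from Sucuri, from WooCommerce or from the Dessky Snippets plugin. It assumes you have saved the rendered checkout page to a file (or fetched it as a logged-in test customer) and that any input whose name, id or autocomplete token mentions card, cvv, expiry and similar is a payment field; the sample HTML inside it is constructed for illustration only.

```python
"""Scan a WooCommerce checkout page for signs of an injected skimmer form.

Added example, not code from the original post. It flags the two behaviours
the post describes: payment fields whose autocomplete has been disabled, and
more than one form on the page collecting card data.
"""
from html.parser import HTMLParser

# Assumption: an <input> whose name, id or autocomplete token contains one of
# these substrings is treated as a payment-card field.
CARD_KEYWORDS = ("card", "cc-", "cvv", "cvc", "ccnum", "expiry", "exp-")


def _is_off(value):
    """True when an autocomplete attribute is explicitly set to 'off'."""
    return value is not None and value.strip().lower() == "off"


class CheckoutScanner(HTMLParser):
    """Collects, per <form>, which card fields it has and which of them block autocomplete."""

    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per <form> seen, in document order
        self._current = None   # the form we are currently inside, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "id": a.get("id") or a.get("name") or f"form#{len(self.forms) + 1}",
                "autocomplete_off": _is_off(a.get("autocomplete")),  # form-level off applies to every field
                "card_fields": [],
                "card_fields_autocomplete_off": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            ident = " ".join(filter(None, (a.get("name"), a.get("id"), a.get("autocomplete")))).lower()
            if any(k in ident for k in CARD_KEYWORDS):
                label = a.get("name") or a.get("id")
                self._current["card_fields"].append(label)
                if _is_off(a.get("autocomplete")) or self._current["autocomplete_off"]:
                    self._current["card_fields_autocomplete_off"].append(label)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def scan_checkout(html):
    """Return a list of human-readable findings; an empty list means nothing suspicious was seen."""
    parser = CheckoutScanner()
    parser.feed(html)
    findings = []
    card_forms = [f for f in parser.forms if f["card_fields"]]
    for f in card_forms:
        if f["card_fields_autocomplete_off"]:
            findings.append(
                f"form '{f['id']}' disables autocomplete on card fields: {f['card_fields_autocomplete_off']}"
            )
    if len(card_forms) > 1:
        findings.append(
            f"{len(card_forms)} forms collect card data; a checkout page should have one: "
            f"{[f['id'] for f in card_forms]}"
        )
    return findings


# Constructed sample: a legitimate checkout form that lets the browser autofill card data.
CLEAN_PAGE = """
<form id="checkout">
  <input name="billing_first_name" autocomplete="given-name">
  <input name="wc-stripe-card-number" autocomplete="cc-number">
  <input name="wc-stripe-card-cvc" autocomplete="cc-csc">
</form>
"""

# Constructed sample: the same page with a second, autocomplete-disabled form layered on top.
SKIMMED_PAGE = CLEAN_PAGE + """
<form id="checkout-details" autocomplete="off">
  <input name="cardholder_name" autocomplete="off">
  <input name="ccnumber" autocomplete="off">
  <input name="expiry" autocomplete="off">
  <input name="cvv" autocomplete="off">
</form>
"""

if __name__ == "__main__":
    import sys
    html = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SKIMMED_PAGE
    for line in scan_checkout(html) or ["no suspicious checkout forms found"]:
        print(line)
```

Run it against a saved copy of your checkout page (`python scan_checkout.py checkout.html`); with no argument it scans the constructed skimmed sample and reports both findings. It deliberately works on the HTML the browser received, because the skimmer the post describes is injected server-side and therefore shows up in the delivered page rather than in any file you can diff on disk.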

Why This Vulnerability Matters

This attack highlights a growing trend: cybercriminals targeting WordPress through its plugin ecosystem. WordPress itself is a secure platform, but outdated or poorly coded plugins can introduce security gaps. This is why Sujee strongly recommends that WordPress users only install plugins they truly need and keep them up to date with the latest security patches.

Protecting Your WordPress Website

Here are some key actions you can take to safeguard your website from similar attacks:

  • Remove Unused Plugins: Don't clutter your WordPress site with plugins you don't use. Regularly audit your plugins and remove any that are inactive or unnecessary. This reduces the attack surface for malicious actors.
  • Update Regularly: This applies to your WordPress core software, all your themes, and every plugin you use. Updates often include critical security patches, so keeping everything up to date is essential. Sujee suggests scheduling automatic updates whenever possible to ensure you don't miss any important security fixes.
  • Choose Reputable Plugins: Stick with well-established and well-reviewed plugins from trusted developers. Do your research before installing any plugin and avoid obscure or poorly maintained options. Sujee recommends checking user reviews and ratings on the WordPress plugin directory before making a decision.
  • Strong Security Practices: These include using strong passwords for all your WordPress accounts, employing a reputable security plugin, and regularly backing up your website data.

By following these recommendations, you can significantly reduce the risk of your WordPress website falling victim to malicious code injection attacks like the one discovered with Dessky Snippets. Remember, protecting your customers' information is paramount, so take proactive steps to secure your online store today. Sujee is always here to help! If you have any questions about WordPress security or need assistance securing your website, feel free to contact us.




Copyright 2019 - 2024 sujee.com.au. Your WordPress developer, Chadstone, Melbourne
ABN 52 391 722 102