We hope to raise awareness of the risk inherent in leaving a fresh WordPress install in its default state. WordPress installations uploaded manually or via a script should be completed immediately.
Southfield, MI (PRWEB)
August 01, 2017
Future Hosting, a VPS hosting and dedicated server hosting provider, has warned WordPress hosting clients of a new wave of attacks targeting fresh WordPress installations (as reported by WordFence on July 11, 2017).
Fresh WordPress installations display an interface that is used to submit essential configuration data, including login and database credentials. This interface is not protected in any way, and can be used by attackers to compromise the WordPress installation and potentially the server on which the WordPress site is hosted.
WordPress is typically installed by uploading its files to a hosting account or server. At this point, the installation is vulnerable. If an attacker is aware of the uncompleted configuration, they are free to complete the process, creating a user with administration privileges and causing the site to use a database under the attacker’s control.
“We host thousands of WordPress sites on our VPS and dedicated server hosting platform,” said Maulesh Patel, VP of Operations of Future Hosting, “We hope to raise awareness of the risk inherent in leaving a fresh WordPress install in its default state. WordPress installations uploaded manually or via a script should be completed immediately.”
Once the attacker has control of the site, they can install custom plugins and execute arbitrary PHP code. WordFence reports that attackers are actively scanning the web for incomplete WordPress installations and using them to compromise hosting accounts.
There is no safe period during which an incomplete configuration can be exposed to the web. With a combination of automated scanning and scripts, bad actors could compromise an unconfigured WordPress site within seconds of its being uploaded to a server.
When installing WordPress on a hosting account or server, the configuration process should be completed immediately. Once the configuration and installation is complete, the site is no longer vulnerable.
About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet…