Another big hacking case hit the headlines last week: the Panama Papers, involving high-profile politicians and celebrity scandals released onto the internet. How did it happen? Another security vulnerability exploited by hackers? There is a theory that hackers may have gotten into the database file containing an email password, saved in plain text by an SMTP email plugin, via an unpatched WordPress plugin: Revolution Slider.
I use Revolution Slider. What should I do?
Does that sound familiar? If you have used WordPress in the past, chances are you have come across Revolution Slider. It is an awesome slider plugin that makes setting up and editing custom sliders easy on WordPress. Any versions up until 3.0.95 are vulnerable to the attack. If your website is running Revolution Slider, simply type:
http://example.com/wp-content/plugins/revslider/release_log.html
http://example.com/wp-content/plugins/revslider/release_log.txt
to check the version of Revolution Slider you are running, replacing example.com with your URL of course. If you are running any version below 3.0.95, update immediately! The guys at Wordfence showed how easy it is to exploit this vulnerability. Even if you are running a newer version, it is good practice to update to the latest version.
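If you look after more than one site, the same check can be scripted. The following is an added example, not code from the plugin or from Wordfence: it reads the release log at the two paths above and flags anything below 3.0.95. The function names, the sample log and the assumption that log entries look like "Version x.y.z" are mine.

```python
import re
import urllib.request

# Paths come from the article; the "Version x.y.z" entry format is an assumption.
LOG_PATHS = ("release_log.html", "release_log.txt")
THRESHOLD = (3, 0, 95)  # the article: update anything below 3.0.95
VERSION_RE = re.compile(r"version\s+(\d+(?:\.\d+){1,3})", re.IGNORECASE)

# Constructed sample log, not copied from a real release_log.txt.
SAMPLE_LOG = "Version 3.0.9 (constructed)\n- example entry\nVersion 3.0.85 (constructed)\n"


def pad(version, width=4):
    """Right-pad with zeros so 4.1 and 4.1.0 compare equal."""
    return version + (0,) * (width - len(version))


def installed_version(log_text):
    """Newest version named in the log as an int tuple, or None."""
    found = [tuple(int(p) for p in v.split(".")) for v in VERSION_RE.findall(log_text)]
    # Compare numerically: as strings, "3.0.9" would wrongly sort above "3.0.85".
    return max(found, key=pad) if found else None


def needs_update(log_text, threshold=THRESHOLD):
    """True if below threshold, False if not, None if no version was found."""
    version = installed_version(log_text)
    return None if version is None else pad(version) < pad(threshold)


def fetch_release_log(base_url, timeout=10):
    """Fetch the log from a site you administer; returns its text or None."""
    for name in LOG_PATHS:
        url = f"{base_url.rstrip('/')}/wp-content/plugins/revslider/{name}"
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                return resp.read().decode("utf-8", errors="replace")
        except OSError:
            continue
    return None


if __name__ == "__main__":
    print(installed_version(SAMPLE_LOG), needs_update(SAMPLE_LOG))
```

A result of None means no version could be read from the log, so check the plugin version in the WordPress admin instead.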
After the attacker got access to the web server, it was easy to get a database backup with email and password details in plain text.
WordPress CMS, SMTP
While there is no way of eliminating the risk of being hacked, reducing the risk is what every website owner should do. What is important here is to make sure your CMS and plugins are updated regularly to prevent attackers from exploiting your website using known vulnerabilities. Also, an SMTP email plugin saves the email address and password of the SMTP account, which is usually a main email account containing sensitive information. One way to reduce the risk is to set up a separate email account to be used exclusively for SMTP. When you set up a dedicated SMTP account for sending email, it is important to set the reply-to address to your normal email address so attackers won't get access to all email conversations.