Random WordPress Plugin Attacks Steal Payment Info: 1.6 Million And Counting

Published: January 06, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



There is so much cybersecurity news that sometimes, important information gets bypassed. In this case, WordPress is in the news again. Websites created using WordPress, now over 455 million sites, are in danger of random plugin attacks by cybercriminals. While this is nothing new, recent attacks target the various 58,000+ plugins offered when building a website, including those facilitating online commerce payments. Over 1.6 million WordPress victims have already had their payment information stolen thanks to these plugin exploits.


There’s a plethora of WordPress users and builders of websites, and the ability to exploit any one of thousands of random plugins for the goal of stealing payment card information is squarely in the attacker’s cross-hairs. Cybercriminals are taking full advantage and are offering tools that exploit this vulnerability.



This card skim-scam works when bad actors inject credit card swipers into random plugins used for WordPress e-commerce websites. This allows the credit card sneaks to steal payment data from customers, and they often create a backdoor for the website, allowing them to hide and access the site and customer payment details at will. The plugin backdoor option also scans for and steals administrator login privileges, giving hackers all of the access they need to steal customer payment card data.


Tips for online shoppers:

  • Only use trusted online retailers, and triple-check the URL spelling. Hackers love to redirect shoppers to malicious websites designed to steal their private data, and they’re very sneaky about creating look-alike URLs.

  • Avoid using any unnecessary plugins or extensions and disable them. Better yet, delete them entirely.

  • Regularly check banking records for any unauthorized purchases and immediately report them to your bank and/or credit card provider. If necessary, you can temporarily freeze your credit for free and unfreeze it when you need it.

Tips for system administrators:

  • Restrict the “wp-admin” area to specific IP addresses only. That prevents unauthorized access to the site.

  • Check to see if there are any stray plugins that don’t belong on your website and immediately remove them. Also update plugins and themes as quickly as possible.

  • Maintain file integrity by activating scanners on the server side of the website that detect code changes made by hackers.

  • Check log details carefully, looking for any file changes, plugin and theme updates, and code changes. Any unauthorized activity will show in these details and you can address it immediately.
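
The stray-plugin and file-integrity checks above can be sketched as a baseline-and-compare script. This is an added example, not part of the original newsletter; the plugin names (`shop-cart`, `seo-helper`) and file contents are constructed, and the temporary directory stands in for the site's plugins folder.

```python
import hashlib
import os
import tempfile

def snapshot(plugins_dir):
    """Map each file's path (relative to plugins_dir) to its SHA-256 digest."""
    digests = {}
    for root, _dirs, files in os.walk(plugins_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                rel = os.path.relpath(path, plugins_dir).replace(os.sep, "/")
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Report drift between a trusted baseline snapshot and the current one."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    # A new top-level entry (folder or single-file plugin) was never in the baseline.
    known = {p.split("/")[0] for p in baseline}
    stray = sorted({p.split("/")[0] for p in added} - known)
    return {"added": added, "removed": removed, "modified": modified, "stray_plugins": stray}

def demo():
    """Constructed sample tree: one legitimate plugin, then simulated tampering."""
    with tempfile.TemporaryDirectory() as plugins:
        def write(rel, text):
            path = os.path.join(plugins, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        write("shop-cart/cart.php", "<?php // checkout form\n")
        write("shop-cart/readme.txt", "Shop Cart 1.0\n")
        baseline = snapshot(plugins)  # taken while the site is known good
        write("shop-cart/cart.php", "<?php // checkout form (changed)\n")
        write("seo-helper/init.php", "<?php // not installed by the admin\n")
        os.remove(os.path.join(plugins, "shop-cart/readme.txt"))
        return compare(baseline, snapshot(plugins))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Store the baseline somewhere the web server cannot write to, and refresh it only after a plugin update you performed yourself.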

