September 2020 was a bad month for WordPress websites running File Manager. You can read all about it in the article "Hackers are exploiting a critical flaw affecting >350,000 WordPress sites". So, a couple of nights ago I was posting in the support forum for the WordPress plugin "Wordfence Security – Firewall & Malware Scan" about a curious issue I came across while setting up Wordfence Firewall Optimisation when using a Caddy webserver. The post that followed mine, "Hacked files cannot be found", was from someone who had been hacked because of the File Manager vulnerability. It’s a very sad story and I feel for the individual involved.
A day later, I happened to check the live traffic Wordfence was monitoring on my WordPress site and lo and behold, look what I found.
Just before 1 PM on the day, an attempt was made to exploit my site by probing to see if I had the File Manager plugin installed. No one is safe. It pays to be constantly vigilant, especially if you are self-hosting and expose services such as WordPress and Nextcloud to the internet. Take care with which WordPress plugins you install. Use sites such as Exploitalert to check that your plugins aren’t the subject of recent exploits and to help you identify and shy away from plugins that have a history of exploits.
EDIT: It turned out I had to rebuild the site as I had a feeling it had already been compromised. Fortunately, this was a new self-hosted install of WordPress so it was not a major drama to recreate the site and import content again. So far, so good.