WordPress Weekly News 014: Hackers using routers, Sathurbot target WordPress and more

A few days ago, United Airlines dragged a passenger off from one of their flights. While many were infuriated, some took to Twitter to bash the Airline management and its crew. Some of the tweets were brilliant.

You carry on, we carry off #NewUnitedAirlinesMottos

— Sir Castic One (@SnapDad42) April 11, 2017

Normal flights have cabin crews, we have bouncers #NewUnitedAirlinesMottos

— NKS (@NKS1806) April 11, 2017

We’ll drag you all over the world

#NewUnitedAirlinesMottos pic.twitter.com/Y559QzFbEv

— rdu3 (@rdu3_richard) April 11, 2017

Meanwhile, I have been collecting a whole bunch of exciting WordPress news that I am going to be covering in this week’s WordPress roundup. This hasn’t been the best of weeks for WordPress users as thousands of websites were compromised due to two, not one, security breaches. We will also discuss WordCamp for publishers and much more.

Sathurbot Hits WordPress

A Trojan, disguised as a Torrent, has been exploiting weak WordPress administrator accounts. Sathurbot has been causing brute force attacks by injecting malicious codes into the .js files. It contains installer executable with some text as well, which lures the user into running the executable file that delivers Sathurbot.

The Trojan can update and download itself and initiate other executable files as well. It uses 5000 random words that combine to form a 2-4 word phrase which is used as a query string by the Google, Bing and Yandex search engines.

Hackers Using Routers To Attack WordPress Websites

Hackers have found a new way to penetrate your WordPress admin panels – Routers! Hackers are launching coordinated attacks on administrator panels through unsecured home routers. They can guess the password once they have the access and take control of your accounts.

Attackers gain entry by sending malicious requests to the router’s 7547 port. They exploit the security bugs in the TR-069 router management protocol to highjack devices. WordFence, a security plugin provider, detected the flaw. It reported that around 7% of all the brute force attacks on WordPress sites arrived from home routers.

A huge factor that contributed to these attacks is the lack of knowledge of users who don’t have enough knowledge to secure their networks. WordFence provided a solution which involves ISPs filtering out traffic coming from public internet targeting the 7547 port.

WordCamp For Publishers

WordCamp will be taking a new route this time in Denver, where it will be held only for publishers. The first of its kind will be held from August 17 – 19. It will cater to anyone who uses WordPress to manage a publication regardless of its size. Initially, it was decided to name the event “WordCamp for Journalists” but it was changed to “WordCamp for Publishers” to include all the different professionals related to WordPress publishing.

The call for speakers and workshops is expected to open soon and will close in May. The attendees will be limited to 230 and the ticket will cost $40 and will go on sale in May. Since this is the first event of its kind, the organizers are keeping a low number of attendees.

The lead organizers, Steph Yiu and Adam Schweigert, have experience regarding arranging events of such magnitudes. Schweigert has led some working groups which had members from MIT and Knight Foundation on CMS related projects. Yiu was also part of that working group.

Advanced WordPress Takes The High Road – Moves To Admin Approved Posts

The famous Facebook group Advanced WordPress recently announced that it will now only have posts that have gone through and has been accepted by the admins. After years of allowing members to post freely, it has changed its course to curb irrelevant and low quality content in the group .

The group has over 28,000 members and has seen some lively WordPress related conversations over the years. Members have suggested the group admins to start a forum-based website using WordPress but the success of the group has been massively contributed by the infrastructure of Facebook. Many members receive notifications of activities in the group .

However, the group has suffered at the hands of low quality content forcing the admins to make such a move. Matt Cromwell, the group admin, posted on the group:

“One week from today, we will move this group to Admin Approved posts only. It’s a big move that we don’t take lightly, but we believe that in the long-run, it will greatly improve the overall value and quality of this group.”

You can read the details here.

The Week’s Best Tutorials & Tips

The 3 Best E-Commerce Hosting Solutions Compared

6 Clef Alternatives for WordPress For When Clef Shuts Down

WordPress Editor Experience Survey Shows 75% of Respondents Don’t Use Distraction-Free Writing Mode

How to Setup Lazy Loading on WordPress Manually and Through a Plugin

How To Configure Cloudflare CDN on WordPress Websites Easily

Your first step to WordPress Development – where and how to start

Zero BS WordPress CRM Celebrates 1st Birthday And Introduces API

Make Money With WordPress Through These 9 Proven Ways [Infographic]

New Twitter Bot Automatically Tweets Links to Trac Tickets Tagged as Good-First-Bugs

How Much Should a WordPress Theme Cost? Hundreds of Themes Analyzed, Here’s What the Data Says

20 Best Small Business Startup WordPress Themes

150+ Best Genesis Child themes for 2017

25 Best Clean Blogging WordPress Themes 2017

That’s all from this week’s WordPress roundup. See you all next week with more WordPress news and tutorials.