Hackers Stealing Credit Card Info Via e-Commerce WordPress Sites

Cybercriminals are now injecting credit card swipers on random plugins from e-commerce WordPress sites to carry out credit card theft.

The process begins with hacking into WordPress sites, while also injecting a backdoor into the site, which allows them to keep their access to the site even after installing updates.

After that, the cybercriminals go further and add their malicious code to random plugins.

Administrators should follow several steps to protect themselves against card snatchers, including limiting the wp-admin range to specific IP addresses only.

Once this step has been taken, the threat actors will not be able to access the site, even after stealing administrator cookies and injecting a backdoor.

In addition, administrators are advised to conduct integrity monitoring through the use of active server-side scanners to ensure that no code changes last too long before they are detected.

Organizations should also develop the habit of reading logs and looking deeply into the details.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web