WooCommerce Websites Targeted by Card Swiper Attacks


If you run a WordPress website with WooCommerce for eCommerce, you need to protect it against credit card skimmers: attackers have found a hard-to-detect way of hiding malicious JavaScript inside the legitimate JavaScript files that ship with the WooCommerce plugin.

The attack was found by the security company Sucuri, who were called in to investigate a WordPress website running WooCommerce that had suffered credit card fraud. After comparing the site's files against known-good copies, Sucuri found that the attackers had hidden malicious JavaScript code inside the WooCommerce plugin's own files.

This was a little unusual: most attacks on eCommerce websites append the malicious code to the end of a file, which is simpler for the attacker but also easier to spot. Here the code was buried inside otherwise legitimate plugin files, and the attackers went to some trouble to cover their tracks by clearing the site's caches after the modification.

What ultimately gave the attack away was an additional PHP file that loaded the malicious code.
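The detection that exposed this attack was a plain file comparison: the installed plugin against a pristine copy of the same version, looking both for legitimate files whose contents changed and for files that should not exist at all (such as the extra PHP loader). The script below is an added example of that check, not Sucuri's tooling or anything from the WooCommerce project. It builds two small constructed plugin trees in a temporary directory, one clean and one with a placeholder injected mid-file plus a hypothetical extra file named wc-extra-loader.php, then reports the differences; the file names and the injected comment are assumptions made for the demonstration.

```python
"""Plugin file-integrity check (added example).

Compares an installed plugin directory against a pristine reference copy of
the same version and reports:
  modified - files present in both whose contents differ (a skimmer hidden
             inside a legitimate JavaScript file shows up here)
  added    - files only in the installed copy (an unexpected PHP loader)
  missing  - files only in the reference (deleted or renamed files)

The sample trees are constructed here for the demo; the injected line is an
inert placeholder comment, not real skimmer code.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large assets do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root):
    """Map relative path (forward slashes) -> sha256 for every file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_of(full)
    return result


def compare_plugin(installed_dir, reference_dir):
    """Return (modified, added, missing) as sorted lists of relative paths."""
    installed = hash_tree(installed_dir)
    reference = hash_tree(reference_dir)
    modified = sorted(p for p in installed if p in reference and installed[p] != reference[p])
    added = sorted(p for p in installed if p not in reference)
    missing = sorted(p for p in reference if p not in installed)
    return modified, added, missing


def build_demo():
    """Construct a clean reference tree and a tampered installed tree.

    Returns (installed_dir, reference_dir). Paths and contents are made up
    for this example and do not reproduce the real WooCommerce layout.
    """
    base = tempfile.mkdtemp(prefix="woo-integrity-")
    ref = os.path.join(base, "reference", "woocommerce")
    inst = os.path.join(base, "installed", "woocommerce")
    clean_js = (
        "jQuery(function($){\n"
        "  $('form.checkout').on('checkout_place_order', function(){\n"
        "    return true;\n"
        "  });\n"
        "});\n"
    )
    # Injection goes between existing lines, not appended at the end, which is
    # the pattern described in the article and the reason a tail check misses it.
    tampered_js = clean_js.replace(
        "    return true;\n",
        "    /* constructed placeholder for injected skimmer code */\n"
        "    return true;\n",
    )
    for root in (ref, inst):
        os.makedirs(os.path.join(root, "assets", "js", "frontend"))
        with open(os.path.join(root, "woocommerce.php"), "w") as f:
            f.write("<?php\n/* Plugin Name: WooCommerce */\n")
    with open(os.path.join(ref, "assets", "js", "frontend", "checkout.js"), "w") as f:
        f.write(clean_js)
    with open(os.path.join(inst, "assets", "js", "frontend", "checkout.js"), "w") as f:
        f.write(tampered_js)
    # Hypothetical extra PHP file standing in for the loader that gave the attack away.
    with open(os.path.join(inst, "wc-extra-loader.php"), "w") as f:
        f.write("<?php\n/* constructed placeholder for a malicious loader */\n")
    return inst, ref


def run_demo():
    """Build the sample trees and return the comparison result."""
    inst, ref = build_demo()
    return compare_plugin(inst, ref)


if __name__ == "__main__":
    modified, added, missing = run_demo()
    print("modified:", modified)   # expected: ['assets/js/frontend/checkout.js']
    print("added:   ", added)      # expected: ['wc-extra-loader.php']
    print("missing: ", missing)    # expected: []
```

On a real site the reference copy is the plugin zip for the exact installed version from the wordpress.org plugin directory, extracted next to the live install; WP-CLI's `wp plugin verify-checksums` performs the same comparison against the published checksums without a manual download. A modified entry is not proof of compromise on its own (hosting panels and some caching plugins rewrite assets), so diff the flagged file before acting, but an added PHP file inside a plugin you did not change is the strongest signal here and should be treated as an incident.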

How the attackers gained write access to the WooCommerce plugin files is not known; the most likely explanation is a vulnerability in WordPress or WooCommerce.

This attack is a reminder to every eCommerce site owner to protect their website with at least the following measures:

  • Keep WordPress, WooCommerce and all other plugins and themes up to date
  • Enforce strong passwords for administrator accounts and require two-factor authentication at login
  • Install a security plugin such as Wordfence, which can compare plugin files against the wordpress.org originals
  • Disable the built-in theme and plugin file editor in wp-admin by adding the following line to your wp-config.php file: define( 'DISALLOW_FILE_EDIT', true );