2 thoughts on “Hackers Have Been Probing For Usage of the Kiwi Social Share WordPress Plugin for a Couple of Weeks

  1. We’ve had a continuous stream of attacks/probes trying to access wp-content/plugins/kiwi-social-share/assets/js/kiwi.min.js on a site which is still in build. Our security plugin is set to block IPs that display this sort of random behaviour, as they are not up to any good.

    • Requests for a JavaScript file would not be an attack, just probing for usage of something, since JavaScript files don’t run code on the server.

      We have yet to see any WordPress security plugin that provides evidence that it is effective and blocking IP addresses is just the sort of thing they do to make it appear like they are doing something while not necessarily being effective, since in looking at logging from real hacks we have seen hackers that switch IP address as often as each request. By comparison we discovered and warned our customers about this vulnerability before it was ever exploited, which is real protection.

Leave a Reply

Your email address will not be published. Required fields are marked *