WordFence and Takeaway Lessons!
Almost every possible scenario includes reused credentials being exploited to gain access to the donaldjtrump.com site.
In almost every case, having 2-Factor Authentication enabled would have prevented such a scenario from occurring. It’s also a reminder that it is important to enable 2-Factor Authentication not only on your website’s administrative panel, but on every service that offers it, including services you might not think of as being vulnerable.
If the credentials you are using have been exposed in a data breach, it doesn’t matter how secure the service you’re using is. By enabling 2-Factor Authentication, you add an extra layer of protection.
While Wordfence doesn’t offer protection for Expression Engine, we do offer best-in-class protection for WordPress. This includes 2-Factor Authentication as a completely free feature.
Don’t wait for an attacker to guess your password. Turn on 2-Factor Authentication to protect your web assets. You Might Be The Next. Your Online Product Might Be The Next.
On October 27, 2020 at approximately 4:50pm Mountain Time, Donald Trump’s campaign website, www.donaldjtrump.com, was defaced.
The attackers left a message claiming they had compromising information on President Trump. The defacement page contained two Monero cryptocurrency wallet IDs encouraging visitors to “vote” by sending cryptocurrency to the wallets, indicating that if the first wallet received more money than the second wallet, the attackers would release this compromising information.
While the site was compromised, visitors were greeted with the following:
Wordfence protects WordPress websites and offer a hacked site cleaning service for WordPress site owners. (See Here) Donald Trump’s campaign website is hosted using Expression Engine, which is an alternative content management system to WordPress but Wordfence doesn’t protect sites using Expression Engine.