WordPress Plugin Vulnerability Means Millions Find Their WordPress Website Defaced By Hackers

WordPress, a popular free open-source website and blog creation tool, has left millions of pages defaced because of a remote code execution (RCE) feature added to the package. Hackers took advantage of this vulnerability to take control of website pages. Attackers exploit WordPress plugins to take control of editorial features in order to vandalize pages or, even worse, execute malicious payloads.

WordPress Website Defaced?

A well-known security firm recently released a statement saying it had detected multiple hackers seizing control of sites. Backdoors found in WordPress and WordPress plugins are allowing attackers to inject ads, spam and affiliate links. The security firm expects many more attacks to follow and even advised users to disable the plugins, because attackers are using them to insert malware into any affected website. The common type of website defacement, ‘Hacked By GeNErAL’, is being replaced by monetising hacks, in which compromised sites make money for the hacker through paid ads (selling everything from viagra and research chemicals to fake crypto currency exchanges) or by redirecting visitors to an ‘online pharmacy’.

In March of this year alone, over 45 million WordPress websites were defaced and infected. Many websites are still affected, and many of their owners do not even realise that hidden within their blog there is a page selling some seedy pharmaceutical product. Often these hacked pages can only be found by using very specific search terms in Google, so blog owners are blissfully unaware that their sweet and innocent cupcake blog is actually harboring a deep secret within its pages.
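One way to look for the injected links described above in a saved copy of one of your own pages. This is an added example, not code from the article or from WordPress; the hiding-style heuristics, the keyword list, the class and function names and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed heuristics (not from the article): inline styles often used to hide injected links.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
# Constructed keyword list, taken from the spam themes the article names.
SPAM = re.compile(r"viagra|pharmacy|research chemicals|crypto", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}

class SpamLinkScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []        # per open element: is it, or an ancestor, hidden?
        self.link = None       # the <a> currently being read
        self.findings = []     # (href, hidden, spam_words)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = bool(self.stack and self.stack[-1]) or bool(HIDDEN.search(a.get("style") or ""))
        if tag not in VOID:
            self.stack.append(hidden)
        if tag == "a" and a.get("href"):
            host = (urlparse(a["href"]).hostname or "").lower()
            external = host not in ("", self.site_host) and not host.endswith("." + self.site_host)
            self.link = {"href": a["href"], "hidden": hidden, "external": external, "text": ""}

    def handle_data(self, data):
        if self.link is not None:
            self.link["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self.link is not None:
            link, self.link = self.link, None
            spammy = bool(SPAM.search(link["text"] + " " + link["href"]))
            if link["external"] and (link["hidden"] or spammy):
                self.findings.append((link["href"], link["hidden"], spammy))
        if tag not in VOID and self.stack:
            self.stack.pop()

def scan(html, site_host):
    scanner = SpamLinkScanner(site_host)
    scanner.feed(html)
    return scanner.findings

# Constructed sample: a cupcake post with an injected, off-screen link block.
SAMPLE = ('<p>Vanilla cupcakes! <a href="https://cupcakes.example/recipes">More recipes</a>, <a href="https://partner.example/flour">flour</a></p>'
          '<div style="position:absolute; left:-9999px"><a href="http://pills.example/buy">cheap viagra online pharmacy</a></div>')
```

Calling scan(SAMPLE, "cupcakes.example") reports only the off-screen pharmacy link. The check sees inline styles only, so links hidden through a stylesheet or served only to search-engine crawlers need a separate check.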

Plugin Created By Hacker?

Here is a word of caution: many users simply install plugins without a thought about where the plugin came from or how secure it is. It is not beyond the realms of possibility that a plugin is created by a hacker and uploaded to a plugin site, so when you decide to download a plugin, take care where you download it from.

What Should You Do?

One thing you should start doing immediately is to continually update all your WordPress plugins and themes. Thousands of websites are hacked daily because of outdated plugins and themes installed on them. It is extremely important to update your site as soon as a new version of a plugin or theme becomes available. Most hacking these days is an entirely automated process, with bots searching Google using ‘Google Dorks’ to find vulnerable sites and probe them for exploitation opportunities.

Unfortunately, it is not good enough to update once a month or even once a week, because bots are very likely to find a vulnerability before you patch it. The moment new vulnerabilities are found, hacker bots are already searching for websites that have them.

Good News!

Free Website Diagnostic

At WebsiteHackedFix, we offer a world-class website firewall and services that continue to keep your website safe. We also have another piece of good news. If we are protecting your website and it is hacked, we will cure it at no additional cost. Our security partners have been fixing these types of compromised and defaced WordPress websites for the past 5 years, and they have actually become quite good at it.

If you have any concerns about your website, or just want a FREE health check to ensure you are not one of the millions of hacked WordPress sites, contact our cyber security team for a full scan of your website via our FREE website infection / virus check. It’s always better to be safe than sorry.
