Security Update: WordPress Website Owners Be Warned – Major Announcement

Over the past few weeks there has been an onslaught of attacks on WordPress websites and servers, pretty well around the clock.

The graph below shows the stats from just one security plugin we use, and it peaked at 40,000 attacks per minute, yes, per minute. These are not global stats, just what this one plugin tracks, so multiply that by at least 10 to cover the top ten security plugins and you get roughly 400,000 per minute (a nominal number).

[Graph: WordPress Hacked]

Very few web or hosting companies talk about website security, or sites being hacked. It’s like the elephant in the room. The reality is any site can be hacked!

If Sony, backed by a team of full-time developers, can be hacked, and hacked 3 times, and you’ve heard of military and government sites being hacked, then it can and does happen.

It’s about having a pre-emptive plan and solutions in place. It’s making sure that ‘clean’ backups are available for a restore. When there is a security compromise (and that’s when, not if), what matters is how quickly it is picked up and rectified. Future-proofing plans that really make the difference for your WordPress website are what we do well.

We’ve had very little sleep, and my fair share of stress, as we deal with this onslaught. So here’s how the week went; this is more of a short-story sequence of events than an accurate timeline, as it’s all a blur –

Event 1: SPAM email report – check IP address – IP compromised

Event 2: Full system scan – infected code files found and removed – IP reset to new IP – whitelist request lodged for the tainted IP

Event 3: IP whitelist granted – IP reset back to original

Event 4: All WP versions and plugins updated, again (they were updated the week before on schedule)

Event 5: SPAM email report – check IP address – IP compromised

Event 6: Full system scan – infected code files found and removed – breach 1 identified and corrected – IP reset to new IP – whitelist request lodged for the tainted IP

Event 7: Yippee, no SPAM reports, no support tickets – all is well in the world of www (albeit short-lived)

Event 8: SPAM email report – check IP address – IP compromised…

And so it went on – SPAM report, clean site, reset IP, re-whitelist IP, reset IP…

It seems they were targeting low-traffic, dormant WordPress websites, so no clients’ sites were actually affected. Effectively they were hacking test sites we had and sending SPAM emails; then we’d clean it, sort the IP, and back they’d come, and around and around we’d go.

How the heck were they getting in?

At first we thought it was just a security issue in Gravity Forms as identified here – https://blog.sucuri.net/2015/02/malware-cleanup-to-arbitrary-file-upload-in-gravity-forms.html

The full extent of the issue was first identified by Joost from Yoast in one of his plugins (he did a great write-up about it as well), only as late as April 20th 2015.

The folk at Sucuri (the world’s leading site security specialists) worked together with him to investigate the issue and found that it likely affected a lot more plugins than just that one.

Full story from the Sucuri folk here –

Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins

To date, this is the list of affected plugins:

That’s a lot of plugins affected, so no wonder we were going around in circles. All while you slept worry-free.

Most times hacks can be easily avoided, simply by keeping WordPress and its plugins up to date. As we use the Genesis Framework predominantly, we also keep that up to date, along with everything else in WordPress, including the premium paid plugins.

Sounds simple, except when there are plugin conflicts, which happen more often than most realise; they just don’t know about it. We’ve seen many a business owner click away at all the updates with no prior backup, no check process in place and no follow-up testing sequence (and I’ve seen contact forms that didn’t work for 3 months after an update, ouch, bet that cost a bit).

That’s why we offer a fully managed service: business owners should be focussing on what they’re good at, the core business of making money. We worry about the techy stuff.

Details here – http://www.smarterwebsites.com.au/membership-program-levels/

For our members, breathe a sigh of relief knowing that your site is safe and secure. We apologise for any minor interruptions that occurred with emails bouncing while we reset the IP addresses as we worked through this.

We’re currently very confident that all is well again, with the extra security measures we’ve added on top of our already paranoid-level security.

You do not need to update your plugins at all; kick back knowing that all is up to date and well with your www.

So why? Why hack? Email blasts are the reason for this latest round of attacks.

My own personal profile site, www.peterbutler.com.au, was actually compromised, and before we had realised, they’d sent out over 135,000 SPAM emails.

Geez, if only these people would use their knowledge for good and not evil!

If you’re not a client or member and would like to know more about WordPress Website Management phone the office on 08 9439 2820 or have a look at our Managed Support Program here.


About Peter B Butler

Passionate with serial ‘hobbiest’ tendencies. Love WordPress & software 'toys'. Raving 70's Jap Bike collector. By day we convert dead dormant websites into profitable sites, hence ‘Smarter Websites’ - making them 'work', one at a time if necessary. On target for world domination, albeit our part of the world...
