Over the past few weeks there has been an onslaught for WordPress websites and server attacks, pretty well around the clock.
The graph below are just the stats from just one security plugin we use and it peaked at 40,000 attacks per minute, yes, per minute. These are not the global stats, just the stats from what this plugin tracks so multiply that by at least 10 to cover the top ten security plugins = 400,000 per minute (nominal number).
Very few web or hosting companies talk about website security, or sites being hacked. It’s like the elephant in the room. The reality is any site can be hacked!
If Sony can be hacked, and hacked 3 times backed by a team of full time developers. And you’ve heard of the military and government sites being hacked, so it can and does happen.
It’s about having a pre-emptive plan and solutions. It’s making sure that there are ‘clean’ backups available for a restore. When there is a security compromise, and that's when, not if, how quickly that is picked up and rectified. Future proofing plans that really make the difference for your WordPress website is what we do well.
We’ve had very little sleep, and my fair share of stress as we deal with this onslaught. So here’s how the week went, this is more of a short story sequence of events than accurate timeline as it’s all a blur –
Event 1: SPAM email report – check IP address – IP compromised
Event 2: Full system Scan – code infected files found, and removed – IP reset to new IP – tainted IP whitelist request done
Event 3: IP whitelist granted – IP reset back to original
Event 4: All WP Versions and Plugins updated, again (were updated the week before on schedule)
Event 5: SPAM email report – check IP address – IP compromised
Event 6: Full system Scan – code infected files found, and removed – breach 1 identified and corrected – IP reset to new IP – tainted IP whitelist request done
Event 7: Yippee, no SPAM reports, no support tickets – all is well in the world of www (albeit shortlived)
Event 8: SPAM email report – check IP address – IP compromised…
And so it went on – SPAM report, clean site, reset IP, re-whitelist IP, reset IP…
It seems they were targeting low traffic dormant WordPress websites so no client’s sites were actually affected. Effectively they were hacking test sites we had, sending SPAM emails, then we’d clean it, sort the IP and back they’d come and around and around we’d go.
How the heck were they getting in?
At first we thought it was just a security issue in Gravity Forms as identified here - https://blog.sucuri.net/2015/02/malware-cleanup-to-arbitrary-file-upload-in-gravity-forms.html
The full extent of the issue was first identified by Joost from Yoast in one of his plugins (he did a great write up about it as well) only as late as April 20th 2015 .
The folk at Sucuri (World’s leading site security specialists) worked together with him to investigate the issue and found that it likely affected a lot more plugins than just that one.
Full story from the Sucuri folk here –
To date, this is the list of affected plugins:
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins fromEasy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- MultipleiThemes products including Builder and Exchange
- Ninja Forms
That’s a lot of plugins affected so no wonder we were going around in circles. All while you slept worry free
Most times hacks can be easily avoided, simply by keeping the version of WordPress and plugins up to date. As we use the Genesis Framework predominantly we also keep that up to date along with all the WordPress including the Premium Paid plugins.
Sounds simple, except when there are plugin conflicts, which happens more than most realise, they just don’t know about it. We’ve seen many a business owners click away at all the updates with no prior backup, no check process in place and no follow up testing sequence (and I’ve seen contact forms that didn’t work after an update for 3 months, ouch, bet that cost a bit).
That’s why we offer a full managed service, business owners should be focussing on what they’re good at, and the core business of making money. We worry about the techy stuff.
Details here – https://smarterwebsites.com.au/membership-program-levels/
For our members, take a sigh of relief knowing that your site is safe and secure. We apologise for any minor interruptions that occurred with emails bouncing while we reset the IP addresses as we worked through this.
We’re currently very confident that all is well again with the extra security measures we’ve added to our already paranoid level security
You do not need to update your plugins at all, kick back knowing that all is up to date and well with your www.
So why? Why hack? Email blasts are the reason for this latest round of attacks.
My own personal profile site was actually compromised – www.peterbutler.com.au and before we had realised they’d sent out over 135,000 SPAM emails.
Geez, if only these people would use their knowledge for good and not evil!
If you’re not a client or member and would like to know more about WordPress Website Management phone the office on 08 9439 2820 or have a look at our Managed Support Program here.