According to WordPress market-share statistics, as of today WordPress v4 is used by 67.1% of all the websites that use WordPress. From TechCrunch to TED, CNN, Major League Baseball and the National Football League, WordPress users span a broad range, and the number of users grows on a daily basis.
Its widespread popularity is what makes WordPress sites more appealing to hackers than HTML/CSS static sites. But don’t think you’re in the clear if you’re not using WordPress for your site. No website is immune to being hacked or infected with malware.
I’ve had to restore a couple of WordPress sites this month that were taken down by malware. In both cases, had the sites been properly maintained, this could have been prevented. The WordPress core files and plugins had not been upgraded in over a year. Outdated plugins were the root cause of the problem. And these were what would be considered quality premium plugins. Usually it’s the free plugins that tend to cause problems, as most (not ALL) are not kept up to date by the developers.
Now more than ever, you need to make sure you’re maintaining your WordPress site! ALWAYS keep up with the latest version of WordPress and your plugins. Be sure to delete plugins and themes that you’re not using; don’t just deactivate them and then leave them parked on the server.
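One way to check a site against this advice, as an added example that is not part of the original post: the script below reads the JSON that WP-CLI prints for `wp plugin list --format=json` and lists the plugins that need updating or deleting, most urgent first. The sample data and the script name `audit_plugins.py` are made up for illustration.

```python
import json
import sys

# Constructed sample in the shape of `wp plugin list --format=json` (WP-CLI).
# Plugin names and versions are invented for illustration.
SAMPLE = """[
  {"name": "example-slider",  "status": "active",   "update": "available", "version": "4.1.0"},
  {"name": "example-forms",   "status": "inactive", "update": "available", "version": "2.3.1"},
  {"name": "example-seo",     "status": "active",   "update": "none",      "version": "7.0.2"},
  {"name": "example-gallery", "status": "inactive", "update": "none",      "version": "1.9.0"}
]"""


def audit(wp_json):
    """Return (name, action) findings, most urgent first."""
    findings = []
    for plugin in json.loads(wp_json):
        inactive = plugin.get("status") == "inactive"
        outdated = plugin.get("update") == "available"
        if inactive and outdated:
            # Deactivated code still sits on the server, and here it is unpatched too.
            findings.append((0, plugin["name"], "delete (inactive and outdated)"))
        elif outdated:
            findings.append((1, plugin["name"], "update"))
        elif inactive:
            findings.append((2, plugin["name"], "delete (inactive)"))
    return [(name, action) for _, name, action in sorted(findings)]


if __name__ == "__main__":
    # Pipe real output in:  wp plugin list --format=json | python3 audit_plugins.py
    # (audit_plugins.py is a hypothetical file name for this script.)
    # With nothing on stdin, the constructed sample above is used.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    for name, action in audit(raw.strip() or SAMPLE):
        print(f"{name}: {action}")
```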
If you don’t have time to properly maintain your website (WordPress or not), sign up for one of my maintenance plans. It will save you hundreds of dollars in the long run, in addition to lost business due to your site being down — or blacklisted by Google. If you need a maintenance plan that’s not listed, let me know and perhaps we can work out a custom plan to fit your needs.
The FBI issued a public service announcement this week concerning WordPress website attacks being carried out by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). The perpetrators of these attacks are defacing sites across various platforms such as news organizations, businesses, government sites, and religious institutions.
ISIL DEFACEMENTS EXPLOITING WORDPRESS VULNERABILITIES
April 07, 2015
Alert Number: I-040715a-PSA
Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems.
Researchers continue to identify WordPress Content Management System (CMS) plug-in vulnerabilities, which could allow malicious actors to take control of an affected system. Some of these vulnerabilities were exploited in the recent Web site defacements noted above. Software patches are available for identified vulnerabilities.
Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation.
The FBI assesses that the perpetrators are not members of the ISIL terrorist organization. These individuals are hackers using relatively unsophisticated methods to exploit technical vulnerabilities and are utilizing the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered. Methods being utilized by hackers for the defacements indicate that individual Web sites are not being directly targeted by name or business type. All victims of the defacements share common WordPress plug-in vulnerabilities easily exploited by commonly available hacking tools.