FBI Issues PSA: ISIL Defacements Exploiting WordPress Vulnerabilities
The FBI has reported that these defacements are being carried out by the Islamic State in the Levant (ISIL), also known as Islamic State of Iraq and al-Shams (ISIS).
Only WordPress websites are vulnerable to these exploits. Attackers are using relatively unsophisticated methods. The defacements are easy to fix, but can cause disruption to business operations.
Even though it is easy to fix, the vulnerability is still a serious issue because it allows an attacker to take full control of a website.
If your website has been hacked, the FBI recommends the following actions:
Identify WordPress vulnerabilities using freely available tools such as
https://www.securityfocus.com/bid,
https://cve.mitre.org/index.html,
https://www.us-cert.gov/
Review and follow WordPress guidelines:
https://wordpress.org/support/article/hardening-wordpress/
Update WordPress by patching vulnerable plugins:
https://wordpress.org/plugins/tags/patch
Make sure that all the plugins you are using are updated to the latest version.
The WordPress security blog Sucuri said that the top two plugins being exploited are GravityForms (version < v1.8.20) and RevSlider (version < 4.2). Only older versions are being exploited, so if you are using the latest versions you need not worry.
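As an added example (not code from the FBI notice, Sucuri, or this post), the Python check below reads the "Version:" header of installed plugins and flags GravityForms and RevSlider installs that fall below the versions named above. The directory names gravityforms and revslider and the sample plugin tree are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Minimum safe versions from the thresholds quoted above.
# The directory slugs are assumptions about the install layout.
MIN_SAFE = {"gravityforms": "1.8.20", "revslider": "4.2"}

# WordPress plugins declare their version in a "Version:" header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*v?([0-9][0-9A-Za-z.\-]*)", re.M | re.I)

def parse_version(text):
    """'1.8.20' -> (1, 8, 20), so comparison is numeric rather than lexical."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def is_outdated(installed, minimum):
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))  # pad so that 4.2 compares equal to 4.2.0
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def plugin_version(plugin_dir):
    """Return the first Version header in the plugin's top-level PHP files."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        match = VERSION_RE.search(php.read_text(errors="replace")[:8192])
        if match:
            return match.group(1)
    return None

def audit(plugins_root):
    """Map each tracked plugin that is present to (version, outdated?)."""
    report = {}
    for slug, minimum in MIN_SAFE.items():
        version = plugin_version(Path(plugins_root) / slug)
        if version is not None:
            report[slug] = (version, is_outdated(version, minimum))
    return report

def demo():
    """Audit a constructed tree standing in for wp-content/plugins."""
    with tempfile.TemporaryDirectory() as root:
        for slug, ver in (("gravityforms", "1.8.3"), ("revslider", "4.6.5")):
            plugin = Path(root) / slug
            plugin.mkdir()
            header = f"<?php\n/*\nPlugin Name: {slug}\nVersion: {ver}\n*/\n"
            (plugin / f"{slug}.php").write_text(header)
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Note that 1.8.3 is flagged as older than 1.8.20 only because the comparison is numeric; a plain string comparison would get this case wrong.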
There have also been several attacks reported against various other plugins, including Mailpoet, Wp Symposium, FancyBox etc. Attackers are trying to exploit anything, so it's better to have the latest versions of plugins to be on the safe side.