April 08, 2015

FBI Issues PSA: ISIL Defacements Exploiting WordPress Vulnerabilities

The FBI (Federal Bureau of Investigation) has issued a public service announcement about ongoing website defacements that exploit vulnerabilities in the WordPress CMS.


The FBI has reported that these defacements are being carried out by the Islamic State in the Levant (ISIL), also known as Islamic State of Iraq and al-Shams (ISIS).

Only WordPress websites are vulnerable to these exploits. Attackers are using relatively unsophisticated methods. The defacements are easy to fix, but can cause disruption to business operations.

Even though a defacement is easy to fix, the vulnerability is still a serious issue because it allows an attacker to take full control of a website.

If your website has been hacked, the FBI recommends the following actions:

Identify WordPress vulnerabilities using freely available tools such as:
    https://www.securityfocus.com/bid
    https://cve.mitre.org/index.html
    https://www.us-cert.gov/

Review and follow WordPress guidelines:
    https://wordpress.org/support/article/hardening-wordpress/

Update WordPress by patching vulnerable plugins:
    https://wordpress.org/plugins/tags/patch

Make sure that every plugin you use is at its most recent version.

The WordPress security blog Sucuri said that the top two plugins being exploited are GravityForms (versions < v1.8.20) and RevSlider (versions < 4.2). Only older versions are being exploited, so if you are running the latest versions you need not worry.
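
The version check described above, as an added example that is not part of the original post or the FBI announcement: it reads each plugin's `Version:` header and compares it with the two thresholds quoted from Sucuri. The directory names `gravityforms` and `revslider`, the path passed to `audit`, and the sample tree built by `build_sample` are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Thresholds quoted in the article; directory slugs are assumed install names.
MIN_SAFE = {"gravityforms": (1, 8, 20), "revslider": (4, 2)}
# WordPress plugin header line, e.g. " * Version: 1.8.19"
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*v?(\d+(?:\.\d+)*)", re.I | re.M)

def is_older(found, minimum):
    """Pad with zeros so (4, 2) and (4, 2, 0) compare as equal."""
    width = max(len(found), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) < pad(minimum)

def plugin_version(plugin_dir):
    """Return the header version as a tuple of ints, or None if absent."""
    for php in sorted(plugin_dir.glob("*.php")):
        match = HEADER_RE.search(php.read_text(errors="replace")[:8192])
        if match:
            return tuple(int(p) for p in match.group(1).split("."))
    return None

def audit(plugins_root):
    """Map each installed, watched plugin to 'outdated', 'ok' or 'unknown'."""
    report = {}
    for slug, minimum in MIN_SAFE.items():
        plugin_dir = Path(plugins_root) / slug
        if not plugin_dir.is_dir():
            continue  # plugin not installed
        found = plugin_version(plugin_dir)
        if found is None:
            report[slug] = "unknown"  # no header found: check by hand
        else:
            report[slug] = "outdated" if is_older(found, minimum) else "ok"
    return report

def build_sample(root):
    """Constructed sample tree: old GravityForms, current RevSlider."""
    for slug, version in (("gravityforms", "1.8.19"), ("revslider", "4.2.0")):
        plugin_dir = Path(root) / slug
        plugin_dir.mkdir(parents=True)
        header = f"<?php\n/*\n * Plugin Name: {slug}\n * Version: {version}\n */\n"
        (plugin_dir / f"{slug}.php").write_text(header)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp)))
```

Point `audit()` at the site's `wp-content/plugins` directory; an `unknown` result means no version header was found and the plugin should be checked by hand.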


There have also been several attacks reported against various other plugins, including MailPoet, WP Symposium, FancyBox, etc. Attackers are trying to exploit anything they can, so it is better to run the latest version of every plugin to be on the safe side.
