WordPress blogs defaced in hack attacks

More than a million pages have been defaced by hackers exploiting the latest of many bugs in WordPress, say security experts, which is more bad news for anyone using a WordPress website or blog. A security flaw in WordPress blogs has let hackers attack and deface tens of thousands of sites yet again! This keeps happening with WordPress websites and blogs, so if you own a WordPress website you need to keep an eye on it daily!

One estimate so far suggests that over 1.5 million pages on blogs have been defaced.

The security firm that found the vulnerability said some hackers were now trying to use it to take over sites rather than just spoil pages. However, this type of hacking isn’t new for WordPress websites, and many owners are not even aware their websites and blogs have been hacked. Some hacker groups don’t just deface a website anymore; they use the WordPress bugs and plugin bugs to hijack sites for their own ends.

There is no doubt that if your WordPress website has been hacked it will adversely affect your website’s ranking in SERPs (search engine results pages). This means your website will show up less often in the first few pages of Google than it did before, or show a hacked message in Google that is difficult to get rid of. So if you are using a WordPress website or blog, you must continuously keep it patched using the updates available. If you also use plugins, you’ll need to find a patch for these too, otherwise the security holes will still be open in your website or blog.

WordPress urged site owners to update software to avoid falling victim.

Feeding frenzy for WordPress hackers

The vulnerability is found in an add-on (plugin) for the WordPress blogging software that was introduced in versions released at the end of 2016. 

A security firm found the "severe" bug and informed WordPress about it on 20 January, which was good of them. In a blog post, WordPress said it delayed going public about the flaw in its software and the plugins so it could first advise hosting firms to update their software to a patched-up version. The patched version of WordPress was formally released on 26 January so many of the hacked sites and blogs could apply the latest update.

However, many blogs have not followed suit, leaving them open to defacement attacks.

Another security firm said it had seen evidence that 20 hacker groups were trying to interfere with vulnerable sites and gain control of them. About 40,000 blogs are believed to have been hit. The vulnerability set off a "feeding frenzy" among hacker groups.

During the past 48 hours the security firm saw almost 1 million attacks exploiting this specific vulnerability across the WordPress sites they monitor.

"Attackers are starting to think of ways to monetise this vulnerability," wrote the security firm's founder.

"Defacements don't offer economic returns, so that will likely die soon." Hackers were keen to use these vulnerable sites as proxies for spam or malware campaigns, he said.

WordPress bug warnings

The message for all WordPress website owners is: either change your website ASAP for a custom-built website (speak to aprompt about our fantastic custom code website options starting from as little as £40/month) or continuously pay your web developer (or do it yourself) to keep your WordPress code patched up with the updates it provides, and find patches for any plugins you may also have.

Custom websites are safer!

Need some friendly advice? Give us a call on 01249 448 139 or email one of our website designers in Wiltshire and we can give you free advice about your website.

Written by Kirsty Paget