
WordPress is under attack!

Posted on 06 September 2009 by pinoytutorial

Cyber-perpetrators are at it again. Blog reports reveal ongoing “malicious” attacks on older versions of WordPress. The developers of the popular blog publishing application have not yet released a complete report or any security updates. All they have said is that “hundreds” of WordPress agents are keeping a watchful eye on the matter.

Their immediate response on how you can protect your WordPress blog? UPDATE NOW!!

Who is affected?

Reports said that the attack affects ALL WordPress versions, and even 2.8.4 isn’t a completely safe island now. The only exceptions are WordPress.com blogs, since they are up to date. The extent of the damage is still not fully disclosed; however, the majority of the symptoms have been seen.

How to detect if your site has been attacked?

A popular WordPress blog, Lorelle on WordPress, gave these indicators.

There are two clues that your WordPress site has been attacked.

1. There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode”.

2. A “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.
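One way to check for the first clue in web server access logs, as an added example that is not part of the original post or of Lorelle's article: the Python sketch below percent-decodes each requested path and flags requests containing both keywords. It assumes Apache/nginx combined log format; the sample log lines, IP addresses and Referer placeholder are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# The two keywords named in the indicator, each followed by an opening parenthesis.
KEYWORDS = (re.compile(r"\beval\s*\(", re.I), re.compile(r"\bbase64_decode\s*\(", re.I))

def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so %28 and double-encoded %2528 both become '('."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return one record per request whose decoded path contains both keywords."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format line; skip rather than guess
        path = fully_unquote(m["path"])
        if all(k.search(path) for k in KEYWORDS):
            hits.append({"ip": m["ip"], "time": m["time"], "status": int(m["status"]),
                         "path": path, "referer": m["referer"]})
    return hits

# Constructed sample lines (documentation IPs, placeholder Referer), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2009:10:12:01 +0000] "GET /category/post-title/'
    '%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" '
    '200 5120 "REFERER-PLACEHOLDER" "Mozilla/4.0"',
    '198.51.100.9 - - [05/Sep/2009:10:13:44 +0000] "GET /category/post-title/'
    '%25&(%7B$%7Beval%28base64_decode%28$_SERVER%5BHTTP_REFERER%5D%29%29%7D%7D|.+)&%25/ '
    'HTTP/1.1" 200 5120 "REFERER-PLACEHOLDER" "Mozilla/4.0"',
    '192.0.2.15 - - [05/Sep/2009:10:15:02 +0000] "GET /2009/09/how-base64_decode-works/ '
    'HTTP/1.1" 200 8211 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["status"], hit["path"])
```

The third sample line mentions base64_decode in an ordinary post slug and is not flagged, because the check requires both keywords followed by an opening parenthesis.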

Tips to prevent and protect your WordPress blogs

1. UPDATE NOW! Old versions of WordPress are very vulnerable to attacks. If you are using a version after 2.7, the nag screen in the administration panel urges you to upgrade; do it. Versions older than 2.7 should be upgraded immediately.

2. Do not rely upon a WordPress Plugin to protect you. There were many reports in the forums of Plugins that claim to “help”. They could help in other ways, but the best thing right now is to upgrade, so please do. Currently, this is the only solution available if your site has not been impacted.

3. Change ALL passwords to a stronger password immediately. This includes WordPress blog access for all users, database, FTP, control panels, everything.

What can you do if you’ve been attacked?

Key WordPress developers are working on a possible solution for this mess. They will release security updates as soon as they find one. For now, if you think your WordPress blog has been attacked, you can do the following:

1. Export all your content with the built-in XML WordPress export (for pre-2.1 versions, try the WordPress-to-WordPress Import WordPress Plugin) and remove your WordPress installation completely (save images and general files). DO NOT EXPORT YOUR DATABASE! That would export the hacked code as well.

2. Install the latest version of WordPress and add the “clean” backup of your WordPress Theme, then import the XML export. The export will contain your posts, Pages, and comments, and hopefully no other hacked code.

3. Be careful not to export the “whole” database, since the hack has gone deep into the WordPress DB. See “How To Completely Clean Your Hacked WordPress Installation” by Smackdown for additional tips. It is a good article on how to reinstall WordPress after being hacked.

Wrap up

As always, cyber bastards are alive and want to sabotage our “peaceful” online living. Literally millions of users, such as governments, offices, business establishments and bloggers, are using WordPress today. If these attacks fully materialize and prove to be fatal, a catastrophe of large proportions may arise within the WordPress community.

Always check the WordPress Support Forums for more information and support, as well as the WordPress Development Blog for other updates for your WordPress blog.

Other helpful articles can be read on Lorelle on WordPress. The website “strongly” encourages spreading the WORD about these attacks so that millions of WordPress users will be informed and prepared.

