In 2016 alone, sites on WordPress represented 78% of all the Internet’s infected sites!
What does that mean?
This means that if you are not taking proper security measures, your site could be next on the hit list of the hackers!
Here in this article, we have compiled a list of famous WordPress hacks and the lessons we learned from them.
If you are having problems with your site see WPHelpandFix.com for help
.
Famous WordPress Hacks, let’s begin…
- WordPress rest API vulnerability (Feb 2017)
Let’s start with the most recent and one of the most lethal exploit!
Updating the WordPress is sometimes a challenging thing, but what happens if you don’t update your CMS regularly?
Well, the hackers find an exploit and take over your site!
This is exactly what happened a few months back.
WordPress version 4.7.1 had a severe zero-day flaw that leads the around 67,000 pages being hacked! And the famous Linux Blog (news.opensuse.org) was also hacked for a short period of time.
This vulnerability allowed the hackers to delete or modify pages of the targeted site and even redirect the traffic to their own sites.
- NextGen Plugin Exploit (December 2016)
NextGen Gallery is quite a famous plugin in the WordPress plugin directory and one would imagine that being famous also means it is safe. But that wasn’t the case a few months back!
This vulnerability allowed the hackers to get into the database of a site and steal all the sensitive information including user credentials, bank information and etc. of the targeted site!
As per a professional estimate, at least 100,000 sites were hacked using this vulnerability before the patch was released!
- RevSlider Exploit (December 2014)
Another famous plugin named “RevSlider” was exploited by the hackers to hack tonnes of websites!
As per security researchers, more than 200,000 Websites were hacked by the attackers using this exploit! Furthermore, over 4.8 million emails were stolen using this exploit making it one of the biggest security breaches!
The attackers modified the plugin and forced it to make an extra administrator account. Then using that account, hackers uploaded a script called “smart.php” into the vulnerable sites. Once the script was loaded, the sites were then used to spread malware, ransomware, Trojans etc. Basically, the hackers exploited this vulnerability not just to hack into the sites, but also to spread their evil malware to the public at large!
- Mail Poet Newsletter (January 2013)
Mail Poet newsletter plugin (also known as Wysija Newsletter) was one of the most popular plugins back in the days. And with so much popularity, there’s always a case of some unwanted attention.
The hackers exploited the 2.2 and prior versions of this plugin to perform several SQL Injection attacks!
The attackers used this vulnerability to access and modify the database of the targeted sites, and they even searched for more vulnerabilities once they get the access to the database!
Since the plugin was quite popular at that time, the number of affected sites could be somewhere around 50,000-100,000.
- Ninja forms exploit (May 2016)
Ninja forms are the best way to collect information of visitors, right? But, what if I tell you that even those gravity forms could allow the hackers to hack your site!
May 2016, this was the first time that a shell upload vulnerability was found in the Ninja forms and the vulnerability existed in the versions 2.9.36 to 2.9.42 of this plugin!
The exploit allowed the hackers to upload a malicious shell (backdoor access) on the WordPress site and execute it which means that once the execution is done, the hacker is in complete control of the infected site and he could literally do anything including stealing information of the users of the site, spreading his own malware and etc.
Lessons to be learned from these hacks!
Okay, here are some things that will keep your site safe from the hackers!
- Keep your CMS Updated
This is The MOST IMPORTANT thing to do if you want to keep your site safe from the hackers.
With enough motivation and resources, sooner or later a hacker will find an exploit in an old version of the WordPress so it’s better to keep your CMS updated to make it at least difficult for the attackers to gain control of your site!
Keeping the CMS up to date will minimise the chances of your site being hacked significantly!
- Keep your Plugins and themes updated
Again, the same logic applies here. Keeping your Plugins and themes up to date means that the hackers will have fewer opportunities to hack your site!
We highly recommend the readers to check for updates every week to ensure maximum safety.
- Don’t use Unnecessary plugins
This might not seem a solution but trust me, it is!
Excessive plugins mean hackers have plenty of vulnerabilities to choose from and sooner or later they will target your site! So, it’s better to keep the usage of plugins to as low as possible.
Not only this is a good security measure, deleting unnecessary plugins will also contribute to speeding up the loading time of your site!
- Avoid using nulled plugins/themes
We know that starting a website requires some investment and so some newbies switch to using nulled plugins and themes!
If you are using one too, there’s a pretty good chance that your site is infected with severe payloads and you are not even in control of your own site!
It’s better to use free plugins/themes rather than using the nulled ones!
- Some good security plugins
Installing some good security plugins including WordFence, Sucuri Security, Ithemes Security and etc can be a good way to keep your site safe from the hackers.
- Frequent security checkups
Last but not the least, we highly recommend site owners to get security checkups of their site every once in a while. A security checkup from professionals like ourselves will ensure that you are safe from the hackers!
Keep Safe
If you have any website problems and want to talk to us for free about fixing your site then contact us on [email protected]
Join our Facebook Group for WordPress Help and discussions
https://www.facebook.com/groups/272244939906761/
Thank you very much for this information. You are Up-Voted and Followed!
Congratulations @wphelpandfix! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOP