If you read our blog last week, you are already aware of multiple WordPress Plugins that became vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.
The exact number of plugins affected is still unknown, but here is a short list:
- Contact Form 7
- WordPress SEO
- WordPress Importer
- Google Sitemap Generator
- All In One SEO
- WP Super Cache
- Tiny MCE Advanced
- NextGen Gallery
- Google Analytics for WordPress
- Hello Dolly
- WP Page Navi
- W3 Total Cache
- Better WP Security
- The Events Calendar
- WP eCommerce
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
I know. The list really doesn’t seem that short, does it?
In our last blog, we explained how to update your plugins for your WordPress site. However, it appears at this point in time there are numerous websites that are still affected. This means—as a business owner with a WordPress website—that if you don’t update the plugins, there is a very good chance that your website has already been hacked by individuals obtaining sensitive and confidential client information in addition to re-directing your website to a completely different website that you don’t want to be correlated with (i.e. porn). And, unfortunately your SEO is now being downgraded substantially because of the (ahem) content of the site.
What Can You Do To Stop It?
There are several things you can do on your own:
When addressing a security issue, as a website owner, you’re likely experiencing an undue amount of stress. The good news is that all is not lost! Yes, you might lose some money. Yes, you might take a hit against your brand, but you will recover from this.
Scan your local environment.
The first place you should start with is your local environment. In many cases, the source of the attack / infection begins in your local box (i.e., notebook, desktop, etc…).
Make sure you run a full anti-virus/malware scan on your local machine. Some viruses are good at detecting AV software and hiding from them. So maybe try a different one. This advice extends to both Windows, iOS and Linux machines.
Un-Hide All Files and Folders
You also want to unhide all the files and folders to include extensions for all files. You can run a search for *.exe files, sort them by size, most malicious code is executable and is lesser than 5MB usually but can be > 5MB. Also not every .exe under 5MB is malicious. Delete the known viruses/worms/autoruns, make a list of all suspected executables, check against online databases.
Caution: Make sure you don’t delete the system files. You want to be mindful of the various types of symptoms and how they affect your website and it’s visitors.
Be Mindful of Website Blacklists.
Google Blacklist issues can be detrimental to your brand. They currently blacklist somewhere in the neighborhood of 9,500 to 10,000 websites a day. This number grows daily. There are various forms of warnings, from large splash pages warning users to stay away, to more subtle warnings that pop up in your Search Engine Result Pages (SERPs).
Although Google is one of the more prominent ones, there are a variety of other blacklist entities like Bing, Yahoo and a wide range of Desktop anti-virus applications. Understand that your clients / website visitors may leverage any number of tools and any one of them could be causing the issue.
Find and remove the hack.
This is perhaps the hardest part of this entire list and the part that will require the most work. It will come down to your individual technical knowledge and insight around website hacks. If you restore from a known clean backup of your WordPress Database, and re-upload your backed up WordPress plugin and theme files through FTP or SFTP, that will ensure that all those bits are clean of malicious code are gone.
Replace the core WordPress files with ones from a fresh downloaded zip file.
Replacing all your core files will ensure that they are no longer left in a hacked state. If you didn’t already restore backup copies of your plugin and theme files, replace them too.
Once you are clean, update your WordPress installation to the latest software. Older versions are prone to hacks than newer versions.
Change the passwords again!
Remember, you need to change the passwords for your site after making sure your site is clean. So if you only changed them when you discovered the hack, change them again now.
I Don’t Have The Time Or Knowledge For This!
This is where Cyber-Construction comes in to save the day, as well as your website! We are offering remote monitoring for all WordPress sites and will ensure that all of your updates are done on time and without any hassle to you!
Our Website Remote Monitoring program provides to you the peace of mind you deserve. Stay focused on what you do best and let us worry about dealing with the tedious but critically important task of keeping your WordPress website up to date, online, and secure for as low as $9.00 per month.
Cyber-Construction doesn’t want your business to fail online due to webmaster administration details that have been pushed down the to-do list for a busy business owner. Contact us as soon as possible to fix your website so your business doesn’t suffer!