Starting in July 2019, our web team has been tracking a hacker group that is exploiting vulnerabilities in over 60 million WordPress websites. They get in through your website’s “backdoor” and create a rogue admin login so they can continue to log in and exploit your website data.
If you have a WordPress website, you will want to keep reading to know what this attack is and how to prevent these hackers from creeping into your backdoor.
How WordPress Hackers Are Getting in the Backdoor
The current ‘backdoor attack’ is malicious JavaScript code that gets added to compromised websites. This piece of code then gives hackers the ability to create a new user with administrator privileges.
Check if you have been attacked: Log in to your WordPress, check under your Users tab and see if there is anyone with the username: wpservices, email: wpservices@yandex.com and password: w0rdpr3ss. If there is, your site has been breached, and you should delete that user account immediately.
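The same check can be scripted for sites with many users. The Python below is an added example, not part of the original article: it reads the CSV that WP-CLI's `wp user list --fields=user_login,user_email,user_registered,roles --format=csv` prints and flags administrators that match the username or email above. It also goes one step beyond the article by flagging any administrator missing from a list of accounts you expect, in case the attackers use a different name; the sample rows and the `expected_admins` list are constructed for illustration.

```python
import csv
import io

# Indicators quoted in the article above.
IOC_LOGIN = "wpservices"
IOC_EMAIL = "wpservices@yandex.com"

# Constructed sample of the CSV that
#   wp user list --fields=user_login,user_email,user_registered,roles --format=csv
# would print for a hypothetical site (every row below is made up).
SAMPLE_CSV = """user_login,user_email,user_registered,roles
alice,alice@example.com,2017-03-02 10:15:00,administrator
WPServices,wpservices@yandex.com,2019-08-14 03:12:44,administrator
bob,bob@example.com,2018-11-20 09:00:00,editor
svc-backup,ops@example.net,2019-08-14 03:13:01,"administrator,editor"
"""


def audit_admins(csv_text, expected_admins):
    """Return (login, reason) pairs for administrator accounts that need action."""
    expected = {name.lower() for name in expected_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # A user can hold several roles; WP-CLI joins them with commas.
        roles = {r.strip().lower() for r in row["roles"].split(",")}
        if "administrator" not in roles:
            continue
        login = row["user_login"].strip()
        email = row["user_email"].strip().lower()
        # Compare case-insensitively and on either field, so a renamed
        # login that keeps the same email is still caught.
        if login.lower() == IOC_LOGIN or email == IOC_EMAIL:
            findings.append((login, "matches published indicator"))
        elif login.lower() not in expected:
            findings.append((login, "administrator not on expected list"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_admins(SAMPLE_CSV, expected_admins=["alice"]):
        print(f"{login}: {reason}")
```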
What Makes This Attack Difficult to Stop
Creating a unique admin account first makes it incredibly difficult for security systems to catch or block certain actions because, after all, the attackers then have the highest level of permission for your website. Once they successfully add the admin user account, they have the ability to install more backdoors and perform additional malicious activity from the inside.
How does this happen in the first place?
The most common way we have seen this hack take place is by getting in through old or outdated plugins. Current plugins under attack are:
- Bold Page Builder
- Blog Designer
- Live Chat with Facebook Messenger
- Yuzo Related Posts
- Visual CSS Style Editor
- WP Live Chat Support
- Form Lightbox
- Hybrid Composer
- All former NicDark plugins (nd-booking, nd-travel, nd-learning).
If your website is currently using any of the plugins listed above, it’s best to remove them and find a different solution.
How to Prevent Your Site From Future Attacks
If you are lucky enough not to have been hacked yet, consider taking proactive steps to keep your site from getting hacked in the future. Hackers are getting smarter every day and will continue to find new ways to take advantage of vulnerable websites. Make your website more secure by taking the following steps as soon as possible:
1. Update Your Plugins Monthly: Make sure all your plugins are always up-to-date and still compatible with your WordPress theme and version.
2. Update WordPress to the Latest Version: We highly recommend always updating your WordPress to the latest version to gain access to the latest security functions.
3. Add an SSL Certificate: Make sure you have an SSL certificate installed on your site for good measure, as it is incredibly important to keeping your site secure.
4. Two-factor Authentication: If you don’t already have it, consider adding two-factor authentication for admin access to your website. This means users will need both an email and phone number in order to log in.
Most Importantly: Let Us Help You
Sign up for the KWSM: a digital marketing agency Web Maintenance Program. In addition to the regular maintenance tasks that every website needs on a monthly basis, this program also ensures we follow all the steps above regularly to prevent your website from getting hacked, giving you the peace of mind that your website is safe and secure.
98% of WordPress Vulnerabilities are Related to Plugins
Keeping your website up-to-date is crucial to keeping your website and your customers’ personal data safe from being exploited. Our web developers can help you determine all the vulnerabilities your website has and come up with a personalized plan to maintain your website.
CLICK HERE to schedule a complimentary 30-minute website audit.