According to WCCF Tech, the FBI is warning WordPress users against a possible exploit being used by ISIS that could take control of sites using older versions of WordPress. According to the FBI, ISIS is affecting
“Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites.”
Although the damage has been limited to defacement and the attacks demonstrate low-level sophistication in hacking, the FBI states that these attacks could be disruptive to businesses. The hackers are entering through vulnerable plugins.
The FBI recommendation bottom line? PATCH/UPDATE YOUR PLUGINS/SITE! Yeah, you should be doing that anyway, right? Just keep in mind that the last time hackers bypassed security restrictions on unpatched WordPress sites, Google ended up blacklisting over 11,000 domains. Were you one of those domains? Do you wanna be?
To add salt to the wound, it’s not even ISIS itself that is perpetrating the hack, it’s the group’s sympathizers. No accounting for taste. Anyway, here’s the FBI checklist to help you keep your site’s security up to date:
“The FBI recommends the following actions be taken:
- Review and follow WordPress guidelines: http://codex.wordpress.org/Hardening_WordPress
- Identify WordPress vulnerabilities using free available tools such as http://www.securityfocus.com/bid, http://cve.mitre.org/index.html, https://www.us-cert.gov/
- Update WordPress by patching vulnerable plugins: https://wordpress.org/plugins/tags/patch
- Run all software as a non-privileged user, without administrative privileges, to diminish the effects of a successful attack
- Confirm that the operating system and all applications are running the most updated versions”
Stop ignoring all those updates on your WP dashboard. Get it done! And if you haven’t logged into your WP site for a while, now’s the time.
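For sites managed from the command line, the "patch your plugins" item can be checked without logging into the dashboard. The script below is an added example, not part of the FBI advisory or the original post: it assumes WP-CLI (`wp`) is installed, and the sample CSV and plugin names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag plugins with pending updates from WP-CLI's CSV output.
# On a live site (the path is a hypothetical placeholder):
#   wp --path=/path/to/wordpress plugin list \
#      --fields=name,status,update,version --format=csv | audit_plugins

# Read the CSV on stdin and print one finding per plugin with a pending update.
# Columns are located by header name, so field order does not matter.
# Inactive plugins are flagged too: their files stay on disk, so an unpatched
# inactive plugin should be updated or removed, not ignored.
# Returns 1 if anything is pending, so the check can gate a cron job or monitor.
audit_plugins() {
    awk -F, '
        NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
        $col["update"] == "available" {
            action = ($col["status"] == "inactive") ? "update-or-remove" : "update"
            printf "%s %s %s %s\n", action, $col["name"], $col["version"], $col["status"]
            pending = 1
        }
        END { exit (pending ? 1 : 0) }
    '
}

# Constructed sample of `wp plugin list` CSV output (plugin names are made up).
sample_plugin_csv() {
    cat <<'EOF'
name,status,update,version
example-slider,active,available,1.2.0
example-forms,inactive,available,3.0.1
example-cache,active,none,2.4.5
EOF
}

# Offline demonstration on the constructed sample.
sample_plugin_csv | audit_plugins || echo "Pending plugin updates found."
```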