Is your WordPress site hacked today?
Flip Keijzer, March 21, 2019
Hacked websites are an everyday concern for hosting companies and website owners. The last few days were no exception. We saw some very quickly deployed attacks on our platform.
These attacks do not count as 0-day attacks, but they are picked up really quick. 0-day attacks are attacks where a hacker exploits vulnerabilities of software before the public or even the software developer knows about them. The vulnerabilities below were already disclosed.
WordPress extra vulnerable
Especially in the land of WordPress, it is extremely important to be super quick with patching these issues. The sooner the better. By now, approximately 30% of all websites are built with WordPress. So, every hacker is really keen on finding ways to compromise this tool.
Don’t be alarmed, as long as you have some help in updating your websites and servers. That’s where your hosting company comes in.
The past days we saw two Common Vulnerabilities and Exposures (CVE’s) being posted: https://wpvulndb.com/vulnerabilities/9237 and a vulnerability not posted on WPvulndb.com, https://freemius.com/blog/sdk-security-vulnerability/
It’s interesting to see that indeed it’s very important to be quick on the ball with these vulnerabilities. CVE 9237 was posted on wpvulndb.com on March 20. We immediately scanned our platform on this issue. Indeed 1,5% of our hosted sites seems vulnerable for this issue. And 2 sites were hacked by evildoers.
For the Freemius vulnerability, about 10% of our platform seems at risk. Luckily only 4 sites were attacked.
For our clients, you can sleep at ease. Our complete platform is patched through the hard work of our technical team!