FBI: ISIL Defacements Exploiting WordPress Vulnerabilities

[djbaxter]

FBI: ISIL Defacements Exploiting WordPress Vulnerabilities
by Matt Southern, Search Engine Journal
April 8, 2015

The Federal Bureau of Investigation (FBI) has issued a public service announcement about continuous website defacements occurring as a result of a vulnerability in the WordPress content management system...

Since websites being attacked are compromised through vulnerabilities in WordPress plugins, one way to protect yourself from an attack is to keep your plugins updated.
Accoring to WordPress securing blog Sucuri, the top 2 plugins currently being exploited are: RevSlider (Version < 4.2), and GravityForms (Version < v1.8.20). Note that only older versions of these plugins are being exploited, so if you have the latest versions installed you should be protected.


In addition, there have also been attacks reported against several other plugins, including FancyBox, Wp Symposium, Mailpoet and others. Attackers are said to be exploiting anything they can get their hands on, so the best course of action is to update everything.

Read more

 

[Linda Buquet]

Yikes,

Damn hackers!

David I have lots of old plugins at both my blogs. I'll need to hire you to check and update them both for me.

 

[djbaxter]

I'm already doing that, Linda. They are both up to date.

 

[Linda Buquet]

Thanks David!