Support » Fixing WordPress » Preventing Blog Hacks

  • Hello – I’m curious if anyone has tips for avoiding the creation of “hacker posts” on WordPress sites. We’re on the latest version (4.7.3) which we’ve been very careful to keep up on after a hack last month, which looked like it was made possible by a security vulnerability in 4.7.1. (We had the same problem as the post here: https://wordpress.org/support/topic/hacked-by-sa3d-hack3d/)

    We signed up for SiteLock which was helpful and told us this morning that we had a malware warning for “defaced pages” – sure enough, the list they provided was full of similar material to the last one. This time it said “just for fun” and “hacked by GeNeRaL.” Since we’re on the latest version of WP, and we had updated our password to one of the long, random, extra-complex ones that WP suggests, I don’t know what to do to prevent this. I deleted all of the blog posts, but is there anything better we should be doing?

    Thanks in advance for any help!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    Take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    @xtiana,

    Logan from SiteLock here. The “Hacked by General” campaign as far as we’ve observed was related only to the REST API vulnerability you mentioned. Upon updating WordPress you have patched the hole that was most likely used to execute the defacement. Keep in mind that this particular campaign was known to edit *existing* posts, so if you go to posts and view the defaced pages (unless all are completely deleted and out of your trash), review your previous revisions to see if any of the previous content is recoverable. Fortunately, there has not been a documented link between the “Hacked by General” campaign and data outside of posts being compromised. The bottom line is that you’re most likely in the clear regarding that particular incursion, but continuing to run malware scans on an ongoing basis is your best way to be certain. Please let me know if you have any questions!

    Thanks! Fortunately we don’t really use the blog anymore – I didn’t think those were existing posts but maybe so. I deleted them all and that was no big deal. Any idea why it would have taken until today (we updated WP back on 3/13 and have been on SiteLock for a few weeks now, I believe) to notice the page defacement? We assumed it was a new hack just because we didn’t know about it until today.

    @xtiana,

    There are a number of reasons why that could have happened, ranging from configuration issues to signing up for a subscription designed for a smaller site. I would be happy to look into the matter for you, but to do so I would need to validate into your account in order to see any account-specific information. Give us a call using the phone number on the SiteLock website to review your account. You’re welcome to ask for me by name if you’d like to speak with me directly.

    @logankipp – I tried to ask for you when I called, but it sounds like they couldn’t find you at the time. The rep I spoke with checked the site in question and said there are only 95 pages. Do you think it’s an issue with SiteLock not noticing it, or is it more likely that this more recent hack cropped up as a result of some other vulnerability (a plugin, theme, something else)?

    I can try calling and asking for you again so you can check out our account, or you can reach me [redacted]. We’ll most likely want to add on several other domains to this account and possibly upgrade. Thanks for your help!

    Just following-up to close-out this thread as resolved. @xtiana and I were able to connect, however the remainder of the conversation concerned only account-specific information relating to her SiteLock subscription. Thanks all!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Preventing Blog Hacks’ is closed to new replies.