WordPress sites are at significant risk of being hacked, the FBI has warned, urging WordPress users to patch their plugins. The warning was issued after many private and government websites were hacked in many countries, including those in the US and Europe.
The hackers are believed to be linked to terrorist organizations like ISIS, as images supporting them were uploaded to the hacked websites. The FBI issued this statement: “Continuous Website defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS).” It also said that all WordPress sites face a significant threat of being hacked, as the security measures on WordPress websites are not sufficient to completely prevent hacking.
No particular niche of WordPress sites is being targeted; rather, the attackers use vulnerabilities in plugins to take control of a site, which is the most common way to do it. According to the FBI, these vulnerabilities are “easily exploited by commonly available hacking tools.”
ISIL DEFACEMENTS EXPLOITING WORDPRESS VULNERABILITIES
The FBI suggested that users keep their websites updated and avoid using outdated third-party plugins, which it did not specifically name but said are the basis of many such incidents.
Some of the most vulnerable plugins according to Sucuri (a complete website security provider) are the following (RevSlider had more than 100,000 cases of hacking):
This plugin features tons of unique transition effects, an image preloader, video embedding, autoplay that stops on user interaction and lots of easy to set options to create your effects.
- Patch for Revolution Slider
- RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise
- Critical Security Vulnerability Found in WordPress Slider Revolution Plugin, Immediate Update Advised
Seamlessly integrates FancyBox into your blog: Upload, activate, and you’re done. Additional configuration is optional.
Updates and Solutions
3. MailPoet Newsletters
Create newsletters, automated emails, post notifications, and autoresponders. Capture subscribers with our signup widget. Drop your posts, images, social icons in your newsletter. Change fonts and colors on the fly. A simple newsletter solution for WordPress.
Gravityforms is also affected by the vulnerability. Here are more details about it.
This is the ultimate social network plugin for WordPress. You can create your social network, on your WordPress website.
Some examples of major websites hacked by the same people include the US Central Command Twitter feed and French TV5Monde’s website and Facebook page, which shows the scale at which these hackers can hack sites. These threats have also caused web hosting providers to beef up their security measures, so be sure to choose a host that provides sufficient security measures for its users.
WordPress 4.1.2 was released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 4.1.1 and earlier are affected by this vulnerability.
It is highly recommended that you read the WordPress Security Release and apply the necessary changes to your WordPress-powered website.
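To act on the advice above, the following added example (not from the FBI notice or from WordPress itself) checks an installation's core version against 4.1.2 and inventories installed plugin versions for comparison with vendor advisories. It assumes the standard WordPress directory layout; the sample site and the plugin name "Example Slider" are constructed for illustration, and no patched plugin versions are assumed because the article does not give them.

```python
import re
import tempfile
from pathlib import Path

FIXED_CORE = (4, 1, 2)  # core release the article names as the fix

def parse_version(text):
    """Turn '4.1' or '4.1.1' into a 3-tuple so versions compare numerically."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else (0, 0, 0)

def core_version(wp_root):
    """Read $wp_version from wp-includes/version.php without executing PHP."""
    src = (Path(wp_root) / "wp-includes" / "version.php").read_text(errors="replace")
    m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", src)
    return m.group(1) if m else None

def plugin_inventory(wp_root):
    """Map plugin directory -> (name, version) taken from the plugin header comment."""
    found = {}
    for php in sorted((Path(wp_root) / "wp-content" / "plugins").glob("*/*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        name = re.search(r"^[ \t/*#@]*Plugin Name:[ \t]*(.+)$", head, re.M | re.I)
        ver = re.search(r"^[ \t/*#@]*Version:[ \t]*(.+)$", head, re.M | re.I)
        if name:
            version = ver.group(1).strip() if ver else "unknown"
            found[php.parent.name] = (name.group(1).strip(), version)
    return found

def audit(wp_root):
    """Flag a core older than 4.1.2 (or unreadable) and list plugin versions."""
    core = core_version(wp_root)
    outdated = core is None or parse_version(core) < FIXED_CORE
    return {"core": core, "core_outdated": outdated, "plugins": plugin_inventory(wp_root)}

def build_sample_site():
    """Constructed sample install so the example runs offline."""
    root = Path(tempfile.mkdtemp())
    (root / "wp-includes").mkdir()
    (root / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '4.1.1';\n")
    plug = root / "wp-content" / "plugins" / "example-slider"
    plug.mkdir(parents=True)
    (plug / "example-slider.php").write_text(
        "<?php\n/*\nPlugin Name: Example Slider\nVersion: 1.0.3\n*/\n")
    return root

if __name__ == "__main__":
    print(audit(build_sample_site()))
```

Point `audit()` at the document root of a real site to get the same report; the plugin versions it lists still need to be compared by hand against each vendor's security release notes.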