WordPress Security: 2015 in Review

Another day, another year and 2015 is drawing to a close. It’s been an interesting year with Donald Trump making waves in the presidential elections, and finishing off with Steve Harvey crowning the wrong Miss Universe! 2015 is a year to remember. In the midst of the holiday cheer, it’s also the time to reflect back on the past year to learn and grow from our mistakes.

By mistakes, we mean lapses in your WordPress security — not how you need to start hitting the gym! With WordPress attacks on the rise, it’s more important than ever to keep your site safe and beware of some common pitfalls. Only last month, data security firm Imperva confirmed in their WAAR Report 2015 that WordPress has been the victim 3.5 times more often than other content management systems.

Wordfence has released the results of their first annual WordPress Security Survey. A large sample of 7,375 WordPress users took part in the survey, revealing data on the security behaviour of WordPress users, from those with little to no experience to total experts.

Of the respondents, 38.9% admitted to being a victim of a WordPress attack in the past year. It appears that a majority of the victims were not proactively scanning their site for viruses but rather stumbled upon it. Over 35% of the sample said that they were alerted to their site being compromised while visiting their site. Around 27% said that their hosting provider took their site offline and 26% were contacted by a customer.

Although more than half of WordPress users find their income greatly affected when their site is compromised, it appears from the survey results that expert users were far more concerned about site security than advanced and intermediate users.

Plugins often make it to the news for creating vulnerabilities in the site’s defense system, yet interestingly the survey found that the most used plugin type installed was a security plugin. It was closely followed by contact form, SEO and anti-spam plugins.

As a site owner, it’s your responsibility to keep your site well protected. Use these 4 simple ways to protect your site from ever getting compromised.

Merry Christmas and a Happy New Year from everybody at WPSOS! See you next year ;)

GoDaddy and SiteLock Partner to Add Security to Small Business WordPress Sites

It seems like every week there are new reports of security attacks on WordPress sites, and according to recent reports the numbers are just getting higher. GoDaddy, the highly popular domain registrar and web hosting company, has decided to add extra security to WordPress sites owned by small business owners. The company has partnered with SiteLock, a website security provider, to reduce security vulnerabilities and attacks.

The two companies, which have been working together since April 2014, have announced a new plugin keeping web developers and designers in mind. With just one click, businesses will be able to access and understand their website security situation. Without having to leave your website, the plugin gives you an at-a-glance view of security scan results within the WordPress dashboard.

“This brought their security information to the forefront in WordPress so they can manage their portfolio of websites without having to ever leave the WordPress site,” SiteLock President Feather said. “They can scan to make sure it’s free of malware and can do all this within one interface. It’s a powerful tool for them because it enables them to do it in real time as they’re working and adding features to their site.”

Other features include security scans on WordPress pages in draft mode and real-time updates to resolve threats with minimal latency between the time they are identified and resolved. The plugin can also recognize specific vulnerabilities and quickly resolve them on its own.

Tom Serani, SiteLock Executive Vice President of Business Development, said, “As the hosting space continues to evolve, we wanted to offer a strategic solution through a trusted small business advisor and partner like GoDaddy. We worked together to make it easy for customers to seamlessly integrate security into their sites.”

Users can use one set of log-in credentials through the plugin to access and manage both their GoDaddy account and SiteLock information.

WP Engine Suffers Security Breach

WP Engine has suffered a major security breach, forcing it to reset over 30,000 customers’ passwords. On Tuesday, the WordPress hosting outfit confessed to the hack attack. It posted recommendations on resetting passwords with updated step-by-step links on how to do it.

WP Engine is a hosted service provider, which manages WordPress hosting for mission critical sites around the world. Set up by WordPress to better support the giant web publishing platform, it had stayed clear of any security vulnerabilities, unlike WordPress and its themes, up till now.

In an urgent security notification on its site, WP Engine announced the security breach. They said, “At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials. Out of an abundance of caution, we are proactively taking security measures across our entire customer base.”

“We have begun an investigation, however there is immediate action we are taking. Additionally, there is action that requires your immediate attention,” said the WP Engine Team, referring to the resetting of passwords. “While we have no evidence that the information was used inappropriately, as a precaution, we are invalidating the following five passwords associated with your WP Engine account. This means you will need to reset each of them.”

The firm immediately reached out to its clients, informing them of the attack and how to guard their accounts. Users with an account at WP Engine should change their password and keep a watchful eye over email comings and goings, as well as their financial transactions.

WP Engine apologized for the attack: “We apologize for any inconvenience this event may have caused. We are taking this exposure as an opportunity to review and enhance our security, and remain committed to strong internal security practices and processes.”

Breaking News: Reader’s Digest and other WordPress sites are compromised

A large number of Internet users have been infected via the Angler exploit kit, after visiting compromised sites in the past week. The hacking campaign has been pushed from many WordPress sites, most notably that of Reader’s Digest — the popular, monthly family magazine.

According to the security blog Malwarebytes, the attack consists of compromised WordPress sites injected with a malicious script that launches another URL whose final purpose is to load the Angler exploit kit. Owners of attacked WordPress sites should remember that although the injected scripts and URLs follow the same pattern, they vary over time.

In the initial investigation by Malwarebytes, it was found that the Necurs backdoor trojan is loaded on the computer of visitors to the infected sites, delivered by the Bedep trojan via the uploaded Angler exploit kit. If you have visited Reader’s Digest or any other compromised site, run a security scan on your computer.

But if you are one of the infected sites, then don’t hesitate to contact us. It is our specialty to clean up all malware and hacker attacks on WordPress sites. We have a highly experienced team who have seen all kinds of viruses and malware, and effectively dealt with them.

In an email to SCMagazine on Tuesday, Reader’s Digest spokesperson Pauli Cohen said, “We became aware of the malware attack last week and have been working with our security provider, technology partners and platform provider to investigate the issue and perform extensive security checks on our website. At this point, we are addressing all known vulnerabilities of the site. We take security very seriously and are taking every step to ensure the integrity of our site.”

Although it is our specialty to help restore security to hacked WordPress sites, we believe it is always important to guard yourself against an attack in the first place. Getting your site back up and running is no problem for us. However, once you’ve realized that your site has been hacked, give us a call at +1 (650) 600-1970 as soon as possible to mitigate the damage.