{"id":22904,"date":"2015-06-16T23:11:56","date_gmt":"2015-06-17T03:11:56","guid":{"rendered":"http:\/\/www.andysowards.com\/blog\/?p=22904"},"modified":"2016-09-27T11:56:43","modified_gmt":"2016-09-27T15:56:43","slug":"infected-wordpress-plugins","status":"publish","type":"post","link":"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/","title":{"rendered":"Infected WordPress Plugins and What To Do About Them"},"content":{"rendered":"<p>It\u2019s been a rough year for WordPress. The world\u2019s most popular blogging system has been the repeated target of hackers intent on exploiting weaknesses among its tens of thousands of plugins. Some attempts have been wickedly successful. Others pathetically parasitic but ultimately benign. The story begins fourteen months ago, and lessons can be learned from its array of mischief and cyber cunning. <\/p>\n<p>It\u2019s only a question of whether or not those dependent on vulnerable WordPress plugins will heed the warnings and become proactive about their cyber security in time for the next attack.<\/p>\n<h2>The WordPress Phishing Fiasco<\/h2>\n<p><a href=\"https:\/\/blog.sucuri.net\/2014\/10\/phishing-with-help-from-compromised-wordpress-sites.html\" target=\"_blank\"><img decoding=\"async\" data-src=\"https:\/\/www.andysowards.com\/blog\/assets\/phishing-with-help-from-compromised-wordpress-site-680x415.png\" alt=\"phishing-with-help-from-compromised-wordpress-site\" width=\"680\" height=\"415\" class=\"alignnone size-large wp-image-22907 lazyload\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 680px; --smush-placeholder-aspect-ratio: 680\/415;\" \/><\/a><br \/>\n<em>Phishing with help from Compromised WordPress Sites<\/em><\/p>\n<p>Roughly 12,000 WordPress installations were found to be hosting malware in February, 2014, according to <a 
href=\"http:\/\/www.csoonline.com\/article\/2137056\/social-engineering\/12-000-phishing-sites-hosted-on-compromised-wordpress-installs.html\" target=\"_blank\">cyber security news source CSO<\/a>. The phishing attacks launching from these add-ons targeted Apple and PayPal accounts by encouraging users to log in and provide credit card information. After the prompt screen was closed, users were sent to the actual Apple or PayPal websites. Fix updates were immediately deployed, but the weaknesses of web-based development platforms had been exposed for the world to see.<\/p>\n<p>Cyber-security professionals and hackers-for-hire have been busy helping developers better protect their sites ever since. It seemed so far, so good, all the way into 2015. But while WordPress-based users and developers began to sleep easy, opposing agents were simply lying low to gear up for the next generation of CMS-focused attacks.<\/p>\n<h2>The SEO Plugin Breach<\/h2>\n<p><a href=\"http:\/\/www.smashingmagazine.com\/2012\/10\/09\/four-malware-infections-wordpress\/\" target=\"_blank\"><img decoding=\"async\" data-src=\"https:\/\/www.andysowards.com\/blog\/assets\/wordpress-security.jpg\" alt=\"wordpress-security\" width=\"550\" height=\"380\" class=\"alignnone size-full wp-image-22908 lazyload\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 550px; --smush-placeholder-aspect-ratio: 550\/380;\" \/><\/a><br \/>\n<em>Common WordPress Malware Infections<\/em><\/p>\n<p>Things were taken up another level in March of this year when hackers performed a successful Blind SQL Injection on an SEO plugin used by over 14 million people.
According to <a href=\"http:\/\/searchengineland.com\/yoast-wordpress-seo-plugin-vulnerable-to-hackers-216656\" target=\"_blank\">news site SearchEngineLand<\/a>, this sort of attack leads to a full-on data breach, in that unauthorized users are able to manipulate and control the data itself. Additionally, hackers using the Blind SQL Injection tactic can slip just about any kind of malware or spam they want onto compromised websites.<\/p>\n<p>It\u2019s been a wake-up call to anyone and everyone with a tie to WordPress and her many, many plugins. <a href=\"http:\/\/w3techs.com\/technologies\/overview\/content_management\/all\/\" target=\"_blank\">One-fifth of the top one percent<\/a> most popular websites on the World Wide Web use WordPress as their chosen content management system. Breaches in plugins are no small spectacle when global user activity is taken into account. <\/p>\n<p>Experts consistently recommend that users and businesses opt for comprehensive Internet security software specifically designed to monitor and evolve with the changing face of malware.
It\u2019s the first and most important step in proactively protecting against any cyber threat, let alone those which threaten the CMS your company or brand depends on for its existence.<\/p>\n<h2>Bad Actors<\/h2>\n<p><a href=\"http:\/\/www.elegantthemes.com\/blog\/tips-tricks\/how-to-scan-your-wordpress-website-for-hidden-malware\" target=\"_blank\"><img decoding=\"async\" data-src=\"https:\/\/www.andysowards.com\/blog\/assets\/defacement-example.jpg\" alt=\"defacement-example\" width=\"600\" height=\"470\" class=\"alignnone size-full wp-image-22909 lazyload\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 600px; --smush-placeholder-aspect-ratio: 600\/470;\" \/><\/a><br \/>\n<em>How To Scan Your WordPress Website For Hidden Malware<\/em><\/p>\n<p>A somewhat less threatening but more newsworthy attack on WordPress plugins came in early April at the hands of hackers associating themselves with the militant group calling itself the Islamic State, otherwise known as ISIS. <a href=\"http:\/\/www.forbes.com\/sites\/thomasbrewster\/2015\/04\/08\/fake-isis-hackers-exploiting-wordpress\/\" target=\"_blank\">According to Forbes<\/a>, the FBI doesn&#8217;t actually think the cyber attackers are linked to the infamous Iraq- and Syria-based organization, but thinks they are merely sympathizers living elsewhere.
The attacks, little more than implants of pro-ISIS, anti-West messages, were achieved by exploiting &#8211; you guessed it &#8211; weaknesses in WordPress plugins.<\/p>\n<h2>Good Solutions<\/h2>\n<p><a href=\"http:\/\/krischase.com\/how-to-find-and-clean-up-infected-wordpress-files-over-ssh\/\" target=\"_blank\"><img decoding=\"async\" data-src=\"https:\/\/www.andysowards.com\/blog\/assets\/how-to-find-and-clean-up-infected-wordpress-files-over-ssh-680x210.png\" alt=\"how-to-find-and-clean-up-infected-wordpress-files-over-ssh\" width=\"680\" height=\"210\" class=\"alignnone size-large wp-image-22910 lazyload\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 680px; --smush-placeholder-aspect-ratio: 680\/210;\" \/><\/a><br \/>\n<em>HOW TO FIND AND CLEAN UP INFECTED WORDPRESS FILES OVER SSH<\/em><\/p>\n<p>As mentioned earlier, protection against these sorts of CMS-based attacks starts with self-updating, 24-hour monitoring malware protection. Updates are essential. It\u2019s often literally a race of minutes between coders and criminals when it comes to developing measures and countermeasures to the inherent weaknesses found in every sophisticated piece of software. WordPress and her many plugins are no exception; it\u2019s a wide world of mostly amateurishly guarded web-based services that many tech business leaders take for granted. Don\u2019t assume the protection exists already &#8211; take charge of it on your own.<\/p>\n<p>The tough run-in with illicit activity on the part of WordPress over the last year has been an alarm bell for anyone getting too comfortable with their base-protected content management systems.
Gear up to ensure your data and the data of your customers and clients isn\u2019t compromised thanks to a weakness built deep into the code of a popular but amateurishly built plugin.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s been a rough year for WordPress. The world\u2019s most popular blogging system has been the repeated target of hackers intent on exploiting weaknesses among its tens of thousands of<\/p>\n","protected":false},"author":1,"featured_media":22908,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[537,109,4207,4206,5695,225,1,5633,107,6],"tags":[5891,988,352,8,177,2896,2149,5880,371,2460,613,943],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Infected Wordpress Plugins and What To Do About Them<\/title>\n<meta name=\"description\" content=\"It\u2019s been a rough year for WordPress. The world\u2019s most popular blogging system has been the repeated target of hackers intent on exploiting weaknesses\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Infected Wordpress Plugins and What To Do About Them\" \/>\n<meta property=\"og:description\" content=\"It\u2019s been a rough year for WordPress. 
The world\u2019s most popular blogging system has been the repeated target of hackers intent on exploiting weaknesses\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/\" \/>\n<meta property=\"og:site_name\" content=\"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/facebook.com\/andysowardsfan\" \/>\n<meta property=\"article:published_time\" content=\"2015-06-17T03:11:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-09-27T15:56:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.andysowards.com\/blog\/assets\/wordpress-security.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"550\" \/>\n\t<meta property=\"og:image:height\" content=\"380\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Andy Sowards\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@andysowards\" \/>\n<meta name=\"twitter:site\" content=\"@andysowards\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andy Sowards\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/\",\"url\":\"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/\",\"name\":\"Infected Wordpress Plugins and What To Do About Them\",\"isPartOf\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.andysowards.com\/blog\/assets\/wordpress-security.jpg\",\"datePublished\":\"2015-06-17T03:11:56+00:00\",\"dateModified\":\"2016-09-27T15:56:43+00:00\",\"author\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415\"},\"description\":\"It\u2019s been a rough year for WordPress. 
The world\u2019s most popular blogging system has been the repeated target of hackers intent on exploiting weaknesses\",\"breadcrumb\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/#primaryimage\",\"url\":\"https:\/\/www.andysowards.com\/blog\/assets\/wordpress-security.jpg\",\"contentUrl\":\"https:\/\/www.andysowards.com\/blog\/assets\/wordpress-security.jpg\",\"width\":550,\"height\":380},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.andysowards.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infected WordPress Plugins and What To Do About Them\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/#website\",\"url\":\"https:\/\/www.andysowards.com\/blog\/\",\"name\":\"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards\",\"description\":\"Design Inspiration &amp; Business Resources for Creatives\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.andysowards.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415\",\"name\":\"Andy 
Sowards\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg\",\"caption\":\"Andy Sowards\"},\"description\":\"Im a professional Freelancer specializing in Web Developer, Design, Programming web applications. Im an Avid member of the Design\/Development community and a Serial Blogger. follow me on Twitter @AndySowards\",\"sameAs\":[\"https:\/\/www.andysowards.com\"],\"url\":\"https:\/\/www.andysowards.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Infected Wordpress Plugins and What To Do About Them","description":"It\u2019s been a rough year for WordPress. The world\u2019s most popular blogging system has been the repeated target of hackers intent on exploiting weaknesses","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/","og_locale":"en_US","og_type":"article","og_title":"Infected Wordpress Plugins and What To Do About Them","og_description":"It\u2019s been a rough year for WordPress. 
The world\u2019s most popular blogging system has been the repeated target of hackers intent on exploiting weaknesses","og_url":"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/","og_site_name":"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards","article_publisher":"http:\/\/facebook.com\/andysowardsfan","article_published_time":"2015-06-17T03:11:56+00:00","article_modified_time":"2016-09-27T15:56:43+00:00","og_image":[{"width":550,"height":380,"url":"https:\/\/www.andysowards.com\/blog\/assets\/wordpress-security.jpg","type":"image\/jpeg"}],"author":"Andy Sowards","twitter_card":"summary_large_image","twitter_creator":"@andysowards","twitter_site":"@andysowards","twitter_misc":{"Written by":"Andy Sowards","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/","url":"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/","name":"Infected Wordpress Plugins and What To Do About Them","isPartOf":{"@id":"https:\/\/www.andysowards.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/#primaryimage"},"image":{"@id":"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/#primaryimage"},"thumbnailUrl":"https:\/\/www.andysowards.com\/blog\/assets\/wordpress-security.jpg","datePublished":"2015-06-17T03:11:56+00:00","dateModified":"2016-09-27T15:56:43+00:00","author":{"@id":"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415"},"description":"It\u2019s been a rough year for WordPress. 
The world\u2019s most popular blogging system has been the repeated target of hackers intent on exploiting weaknesses","breadcrumb":{"@id":"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/#primaryimage","url":"https:\/\/www.andysowards.com\/blog\/assets\/wordpress-security.jpg","contentUrl":"https:\/\/www.andysowards.com\/blog\/assets\/wordpress-security.jpg","width":550,"height":380},{"@type":"BreadcrumbList","@id":"https:\/\/www.andysowards.com\/blog\/2015\/infected-wordpress-plugins\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.andysowards.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infected WordPress Plugins and What To Do About Them"}]},{"@type":"WebSite","@id":"https:\/\/www.andysowards.com\/blog\/#website","url":"https:\/\/www.andysowards.com\/blog\/","name":"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards","description":"Design Inspiration &amp; Business Resources for Creatives","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.andysowards.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415","name":"Andy 
Sowards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg","caption":"Andy Sowards"},"description":"Im a professional Freelancer specializing in Web Developer, Design, Programming web applications. Im an Avid member of the Design\/Development community and a Serial Blogger. follow me on Twitter @AndySowards","sameAs":["https:\/\/www.andysowards.com"],"url":"https:\/\/www.andysowards.com\/blog\/author\/admin\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts\/22904"}],"collection":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/comments?post=22904"}],"version-history":[{"count":0,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts\/22904\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/media\/22908"}],"wp:attachment":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/media?parent=22904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/categories?post=22904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/tags?post=22904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}