by | Web Hosting & Email Hosting, WordPress Tips |

We have seen several WordPress sites that have been hacked / defaced today.  The hacks are unusual in that the WordPress sites are clean.  No malicious code and malware scans are clean.  The hack involves a security bug in WordPress 4.7 that was released with the software.  Updating to WordPress 4.7.2 will fix the issue.

If your WordPress site was hacked you will see your latest blog post has hacked content in it.  Simply delete the blog post or edit it and delete the hacked content.  Then upgrade your WordPress site to 4.7.2.

If you are an IDP managed WordPress customer you do not need to do anything we will do this for you as part of your web hosting.

You can read more about this issue from Sucuri

https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

We highly recommend Sucuri WordPress plugin and other security services.  We ran a server side Sucuri scan just to be sure there are no malicious files involved in this attack.  The sites are clean.  This is a remote injection hack only and was fixed by WordPress with release of 4.7.2

More information from other WordPress developers can be found on this thread

https://wordpress.org/support/topic/wordpress-4-7-1-hacked-by-ng689skw/

Web Design and WordPress Support Services

Do you need help with your WordPress site security?  Contact Kansas City Web Design

 

Monte is one of the original founders of the company in 2003. Monte is a creative talent with 20 years experience in web design and information technology. He works with clients on a daily basis to develop, maintain and market their web sites. Monte is also in charge of the web hosting environment and server administration duties for the company.

Share this: