by Monte Persinger | Web Hosting & Email Hosting, WordPress Tips |

WordPress logo

We have seen several WordPress sites that have been hacked / defaced today.  The hacks are unusual in that the WordPress sites are clean.  No malicious code and malware scans are clean.  The hack involves a security bug in WordPress 4.7 that was released with the software.  Updating to WordPress 4.7.2 will fix the issue.

If your WordPress site was hacked you will see your latest blog post has hacked content in it.  Simply delete the blog post or edit it and delete the hacked content.  Then upgrade your WordPress site to 4.7.2.

If you are an IDP managed WordPress customer you do not need to do anything we will do this for you as part of your web hosting.

You can read more about this issue from Sucuri

https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

We recommend the Sucuri security website protection plan

We highly recommend Sucuri WordPress plugin and other security services.  We ran a server side Sucuri scan just to be sure there are no malicious files involved in this attack.  The sites are clean.  This is a remote injection hack only and was fixed by WordPress with release of 4.7.2

How to Clean a Hacked WordPress Site

More information from other WordPress developers can be found on this thread

https://wordpress.org/support/topic/wordpress-4-7-1-hacked-by-ng689skw/

Web Design and WordPress Support Services

Do you need help with your WordPress site security?  Contact Kansas City Web Design

 


Managed WordPress Hosting

Fully Managed WordPress hosting available for $300 per year.  Host it with us and forget it.  Fully managed WordPress updates, security, backups, disaster recovery, malware monitoring and malware removal. Click below to purchase.

 

 

 

New WordPress 4.7.1 Security Hack is Loose “Hacked by NG689Skw” was last modified: January 29th, 2019 by Monte Persinger
Share This: