WordPress, the well-known content management system used to publish websites and blogs, has suffered a major security breach. But this isn’t the first time. Users and business owners should be aware of the prevalence of cybersecurity attacks, even on respected platforms such as WordPress. They should take a security-first approach, stay alert and enlist good IT support if something goes wrong.
Find out more about the WordPress hack and what WordPress users and administrators can do to stay safe.
Over 17,000 websites compromised this September
Over 17,000 WordPress websites have recently undergone a security breach (September 2023) due to malware known as Balada Injector.
This isn’t the first time WordPress sites have suffered security breaches, but, notably, the number of detections this time is twice the number found in August 2023.
Hack history
One of the earliest malware attacks on WordPress was in 2017, when the themes Newspaper and Newsmag had security bugs disclosed and abused.
This latest hack operation by Balada Injector was first discovered in 2022 and found to consist of threat actors exploiting flaws in WordPress plugins to enable them to direct users of compromised sites to fake tech support pages and push notification scams, among other traps. More than a million websites have now been impacted by this criminal campaign since 2017.
The attack has been described by experts “as one of the most complex types of attacks” as it is planted in the ‘backdoor’ of the websites’ 404 error pages before it mimics the process of installing a plugin from an archive file and activating it – which many users and administrators of WordPress sites will be familiar with.
Signs your WordPress site has been hacked
1. Having issues logging in
Presuming you haven’t just forgotten your password, if you can’t log in, it may be a sign hackers have removed your account. Try resetting the password and if that doesn’t work – it could be a clear sign your account is at risk.
2. Your site has changed
If content appears that you had nothing to do with, or a page has changed – this is a sign you’ve been hacked. Check for links you never added and subtle changes, as well as links to dubious sites. Always check with your administrator first to check they’ve not made any changes, before assuming it’s a hack.
3. Your site is redirecting
Hackers can use scripts to direct your users to another site – likely a site you don’t want them to visit and could be inappropriate. This is a sign of weak security on the server – always use quality hosting to avoid this.
4. Browser, host, search engine warnings
Google, for example, will often warn of a compromised site, and so will hosting providers, which also warn of unusual activity on your account. Take note of these and investigate any issues, running a full diagnostic.
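One way to check for signs 2 and 3 above (links you never added, scripts that point off-site) is to compare every URL a page references against the hosts you expect. This is an added example, not code from the original article; the domain example.com, the .test hosts and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that can pull in or point to external content.
URL_ATTRS = {"href", "src", "action"}

class ExternalRefParser(HTMLParser):
    """Collects (tag, attribute, url) for every absolute http(s) URL in a page."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                # Protocol-relative URLs (//host/path) also leave the site.
                url = "https:" + value if value.startswith("//") else value
                if urlparse(url).scheme in ("http", "https"):
                    self.refs.append((tag, name, url))

def unexpected_refs(html, allowed_hosts):
    """Return references whose host is not an allowed host or a subdomain of one."""
    parser = ExternalRefParser()
    parser.feed(html)
    allowed = {h.lower() for h in allowed_hosts}
    flagged = []
    for tag, attr, url in parser.refs:
        host = (urlparse(url).hostname or "").lower()
        ok = any(host == a or host.endswith("." + a) for a in allowed)
        if not ok:
            flagged.append((tag, attr, host))
    return flagged

# Constructed sample page: example.com is the site's own (assumed) domain.
SAMPLE_HTML = """
<html><head>
<script src="https://example.com/wp-includes/js/jquery.js"></script>
<script src="//cdn.unknown-host.test/stat.js"></script>
</head><body>
<a href="/about/">About</a>
<a href="https://blog.example.com/news/">News</a>
<a href="http://dubious-links.test/offer">Special offer</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, host in unexpected_refs(SAMPLE_HTML, ["example.com"]):
        print(f"unexpected <{tag} {attr}> -> {host}")
```

Run it against saved copies of your key pages with an allow-list of the hosts you actually use (your own domain, your CDN, your analytics provider); anything flagged is a reference to review with your administrator.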
Reasons WordPress sites get hacked
- Inadequate / insecure passwords
- Lack of updates
- Insecure code / plugins and themes from disreputable sources
- Lack of quality hosting
Advice for staying safe
- Passwords must be as long, complex and secure as possible, and the same rule applies to every user. Use a password locker or vault if possible – it’s really the only way to keep passwords complex enough and secure.
- Run all updates as soon as they’re available. If you don’t run updates, you’re potentially leaving your site open to vulnerabilities.
- Don’t use plugins or themes (even if they are free!) unless they’re from a reputable vendor. You could be introducing all sorts of security anomalies to your site if you use unofficial code.
Steps to take if you think you’ve been hacked
- First step – stay calm and put your site into maintenance mode
- Reset all passwords
- Update all plugins and themes
- Check your users and remove any that look suspicious
- Remove unwanted files and clean out the database
- Reinstall plugins and themes
- Reinstall WordPress itself
- Get help from IT security professionals!
While we could advise you…
…you may just want an expert to take over. We completely understand. Getting hacked is stressful and time consuming to resolve.
We’re online security experts
Our customers benefit from top-level security measures from the start, with services that include secure hosting, system monitoring, firewalls and password management.
We’re a security-first managed IT service provider, following best practice for online security as recommended by the UK’s National Cyber Security Centre. Get in touch with our security experts for assistance.