Tag Archives: GDPR

WordPress GDPR Compliance Plugin Hacked

IRONY: /ˈīrənē/ Noun. A state of affairs or an event that seems deliberately contrary to what one expects and is often amusing* as a result.

The European Union passed laws earlier in 2017 and 2018 to help protect consumers’ personal data online. The EU General Data Protection Regulation (GDPR) is supposed to make companies gather consent before using people’s information and to protect that information from scammers and identity thieves.

WP GDPR compliance plugin

WordPress offered a GDPR plugin to allow website owners to add a checkbox to their sites. This allowed users of the website to give permission to the website owners to use their data for a defined purpose. Website users were given the opportunity to request copies of the information that the website had gathered about them.

Where the Problem Started

Users’ browsers talk to the WordPress server through the admin-ajax.php file. Ajax is a combination of JavaScript and XML technology used to build responsive, user-friendly interfaces. The Ajax system has been part of WordPress for a while and allows the Content Management System (CMS) to perform auto-saving more efficiently, along with better revision tracking and other benefits.

The GDPR plugin lets users configure it through the admin-ajax.php file, which is where the hackers found a chink in the armor, so to speak. Identity thieves can use that file to send crafted requests, which the plugin stores and acts on, allowing the attackers to use WordPress for their own malicious ends.
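An illustrative settings handler of the kind a plugin registers on admin-ajax.php, written for this article as an added example rather than taken from the WP GDPR Compliance plugin’s code. It shows the checks that keep a request from storing arbitrary settings: a logged-in-only hook, a capability check, a nonce check and an allowlist of option names; the action name `example_save_setting`, the nonce name and the allowlisted options are assumptions.

```php
<?php
// Added example, not the WP GDPR Compliance plugin's own code.
// Registered only on the logged-in hook; there is deliberately no
// 'wp_ajax_nopriv_...' registration, so anonymous visitors never reach it.
add_action( 'wp_ajax_example_save_setting', 'example_save_setting' );

function example_save_setting() {
    // 1. Only users who may manage options can change plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 2. Reject requests that do not carry a valid nonce (CSRF protection).
    //    'example_settings' is the assumed nonce action name.
    check_ajax_referer( 'example_settings', 'nonce' );

    // 3. Allowlist: the handler may write only its own options, mapped to a
    //    sanitizer each. Core settings such as users_can_register or
    //    default_role can never be reached through this handler.
    $allowed = array(
        'example_gdpr_checkbox_text' => 'sanitize_text_field',
        'example_gdpr_enabled'       => 'rest_sanitize_boolean',
    );

    $key = isset( $_POST['option'] ) ? sanitize_key( $_POST['option'] ) : '';
    if ( ! isset( $allowed[ $key ] ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    $raw   = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    $value = call_user_func( $allowed[ $key ], $raw );

    update_option( $key, $value );
    wp_send_json_success( array( 'option' => $key ) );
}
```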

How Attackers Exploit the Plugin

According to Wordfence, the WordPress security firm, the attackers are using the plugin in two ways.

  1. Attackers enable new-user registration and alter a setting so that newly registered accounts automatically become administrators, then register accounts for themselves. Once they are administrators, they install a plugin that infects the site with malware. The hackers installed a PHP web shell, giving them remote admin capabilities on the web server. This provides them with terminal access and a file manager.
  2. The hackers upload scripted tasks that are scheduled via WP-Cron. Cron is a task scheduler commonly used on Unix systems, and WP-Cron is how WordPress handles scheduled activities. This attack uses the e-commerce plugin WooCommerce, a plugin that WP GDPR Compliance supports. The attackers hijacked a function of WooCommerce to install an additional plugin called 2MB Autocode, which lets administrators put their own PHP code into WordPress posts. The hackers used this code to download further code from yet another site. Once this was completed, 2MB Autocode deleted itself, making the problem difficult to trace.
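A triage script, added here as an example and not taken from Wordfence or the plugin, that a site owner can run with WP-CLI (`wp eval-file check-gdpr-tamper.php`, an assumed file name) or include after loading wp-load.php. It looks for the traces of the two attack paths above: the core settings `users_can_register` and `default_role` flipped to mint administrator accounts, administrator accounts you did not create, and WP-Cron hooks that neither core nor your known plugins registered; the `$known_admins` and `$known_cron_hooks` lists are placeholders to fill in for your site.

```php
<?php
// Added triage example, not code from the page or from Wordfence.
// Fill these in for your site: logins you created, and cron hooks that core
// and your installed plugins are known to schedule.
$known_admins     = array( 'youradminlogin' );          // placeholder
$known_cron_hooks = array(                              // core defaults
    'wp_version_check', 'wp_update_plugins', 'wp_update_themes',
    'wp_scheduled_delete', 'wp_scheduled_auto_draft_delete',
    'delete_expired_transients', 'wp_privacy_delete_old_export_files',
);

$findings = array();

// 1. Core settings the first attack path flips to create administrators.
if ( get_option( 'users_can_register' ) ) {
    $findings[] = 'users_can_register is enabled';
}
if ( get_option( 'default_role' ) === 'administrator' ) {
    $findings[] = 'default_role is administrator';
}

// 2. Administrator accounts that are not on the known list.
foreach ( get_users( array( 'role' => 'administrator' ) ) as $user ) {
    if ( ! in_array( $user->user_login, $known_admins, true ) ) {
        $findings[] = sprintf( 'unexpected administrator "%s" registered %s',
            $user->user_login, $user->user_registered );
    }
}

// 3. WP-Cron entries (second attack path) whose hook is not recognised.
//    The cron array also carries a 'version' entry, which is skipped.
foreach ( (array) _get_cron_array() as $timestamp => $hooks ) {
    if ( ! is_array( $hooks ) ) {
        continue;
    }
    foreach ( array_keys( $hooks ) as $hook ) {
        if ( ! in_array( $hook, $known_cron_hooks, true ) ) {
            $findings[] = sprintf( 'unrecognised cron hook "%s" due %s',
                $hook, gmdate( 'c', (int) $timestamp ) );
        }
    }
}

if ( empty( $findings ) ) {
    echo "No tampering indicators found.\n";
} else {
    echo "Indicators found:\n - " . implode( "\n - ", $findings ) . "\n";
}
```

Any finding is a starting point for review rather than proof of compromise: a legitimate plugin may schedule a hook not on your list, and the fix for the settings is to turn registration off and reset the default role before removing accounts and plugins you do not recognise.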

Regarding the second attack, Wordfence couldn’t find any signs of malicious code connected to the hack, but warns that the hackers may be lying in wait for things to cool down before making their next move. According to Wordfence’s warning: “It’s possible that these attackers are stockpiling infected hosts to be packaged and sold wholesale to another actor who has their own intentions. There’s also the chance that these attackers do have their own goals in mind, but haven’t launched that phase of the attack yet.”

Flaw Has Been Fixed

The developers of the WP GDPR Compliance plugin have fixed the flaw and the plugin has been restored to the WordPress directory. Unfortunately, it wasn’t caught in time for a lot of website owners who are now cleaning up hacked sites and trying to rid their sites of the malicious code.

If you suspect that your site has been hacked or corrupted by a hacker, contact the experts at WTI to help you get your site healthy and back online.

*No one involved with cleaning up the WP GDPR Compliance exploitation found this amusing.

Google’s New Data Retention Rules Going into Effect This May

There are new rules going into effect this May related to how Google stores your user and event data in Google Analytics. Google is making these changes because of Europe’s new data protection rules (GDPR). If you are a Google Analytics admin, you should have this email in your inbox from this past week!

Google Data Retention

If you are an SEO client, we will update this setting for you; otherwise, contact us if you would like us to update this setting for you.

You may want to consider updating your website privacy policy as well.

WTI will provide a basic framework Privacy Policy for your website if you are a current SEO or Web Maintenance client. You, as the client, will be responsible for keeping the Privacy Policy updated with current regulations. Any changes you require for your Privacy Policy will need to be submitted to our team so WTI can update your website with the content.

If you are not a current SEO or Web Maintenance client with WTI and you have a GDPR compliant privacy policy and you would like WTI to update your website, please contact brandy@websitestoimpress.com or call 309-489-0026.