Tag Archives: Security

WordPress GDPR Compliance Plugin Hacked

IRONY: /’irænē/ Noun. A state of affairs or an event that seems deliberately contrary to what one expects and is often amusing* as a result.

The European Union passed laws earlier in 2017 and 2018 to help protect consumers’ personal data online. The EU General Data Protection Regulation (GDPR) is supposed to make companies gather consent to use people’s information and protect it from scammers and identity thieves.

WP GDPR compliance plugin

WordPress offered a GDPR plugin to allow website owners to add a checkbox to their sites. This allowed users of the website to give permission to the website owners to use their data for a defined purpose. Website users were given the opportunity to request copies of the information that the website had gathered about them.

Where the Problem Started

Through the use of an admin-ajax.php file, the users’ browsers connect with the WordPress server. Ajax is a combination of JavaScript and XML technology which creates user-friendly interfaces. The Ajax system has been around for a while in WordPress and allows the Content Management System (CMS) to perform auto-saving functions more efficiently along with better revision tracking and other benefits.

The GDPR plugin can allow users to configure it through the admin-ajax.php file, which is where the hackers found a chink in the armor, so to speak. Identity thieves can use the file to send bad commands, which the plugin stores and executes, allowing the attackers to use WordPress for their own malicious ends.

How Attackers Exploit the Plugin

According to Wordfence, the WordPress security firm, the attackers are using the plugin in two ways.

  1. Attackers create administrative accounts by allowing new users to register. They use these accounts, altering a setting to automatically make them administrators. Once they are an administrator, they install a plugin that infects the site with malware. The hackers installed a PHP web shell, giving them remote admin capabilities on the web server. This provides them with terminal access and a file manager.
  2. The hackers upload scripted tasks that are scheduled via WP-Cron. The Cron is a task scheduling program commonly used in Unix systems and how WordPress handles scheduled activities. This attack uses the e-commerce plugin WooCommerce, a plugin that WP GDPR Compliance supports. The attackers hijacked a function of WooCommerce to install an additional plugin called 2MB Autocode. This hack would allow administrators to put their own PHP code into WordPress posts. The hackers would use this code to download code from yet another site. Once this was completed, the 2MB Autocode would delete itself, making it difficult to trace the problem.

In regard to the second attack, Wordfence couldn’t find any signs of malicious code in connection to the hack, but warns that the hackers may be lying in wait for things to cool down before they make their next move. According to Wordfence’s warning: “It’s possible that these attackers are stockpiling infected hosts to be packaged and sold wholesale to another actor who has their own intentions. There’s also the chance that these attackers do have their own goals in mind, but haven’t launched that phase of the attack yet.”
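A check for the settings and artifacts described above, as an added example (not Wordfence's or the plugin developers' code). It assumes the site's options, user list, plugin names and WP-Cron hook names have been exported into plain Python structures; `users_can_register` and `default_role` are the WordPress core options that control open registration and the role given to new accounts, and every sample value below is constructed.

```python
# Added example: audit a WordPress snapshot for the two attack patterns above.
# The input shapes are assumptions of this example; all sample data is constructed.
from datetime import datetime

def audit_snapshot(options, users, plugins, cron_hooks, baseline_hooks, last_review):
    """Return (severity, message) findings for one exported site snapshot."""
    findings = []
    # Pattern 1: open registration plus an administrator default role means
    # anyone who registers becomes an administrator.
    open_reg = str(options.get("users_can_register", "0")) == "1"
    if options.get("default_role", "subscriber") == "administrator":
        detail = " and registration is open" if open_reg else ""
        findings.append(("critical" if open_reg else "high",
                         "default_role is 'administrator'" + detail))
    # Administrator accounts that appeared after the last known-good review.
    for user in users:
        created = datetime.fromisoformat(user["registered"])
        if "administrator" in user["roles"] and created > last_review:
            findings.append(("high", "new administrator account: " + user["login"]))
    # Pattern 2: the plugin named on the page. It deletes itself after use,
    # so its absence clears nothing; cron hooks are compared with a baseline.
    for name in plugins:
        if "2mb autocode" in name.lower():
            findings.append(("critical", "plugin present: " + name))
    for hook in sorted(set(cron_hooks) - set(baseline_hooks)):
        findings.append(("medium", "WP-Cron hook not in baseline: " + hook))
    return findings

# Constructed snapshot; the extra hook and account names are placeholders.
BASELINE_HOOKS = ["wp_version_check", "wp_update_plugins", "wp_scheduled_delete"]
SAMPLE = {
    "options": {"users_can_register": "1", "default_role": "administrator"},
    "users": [
        {"login": "site-owner", "roles": ["administrator"], "registered": "2016-03-01T09:00:00"},
        {"login": "constructed-user", "roles": ["administrator"], "registered": "2018-11-08T02:14:00"},
    ],
    "plugins": ["WP GDPR Compliance", "WooCommerce", "2MB Autocode"],
    "cron_hooks": BASELINE_HOOKS + ["constructed_unknown_hook"],
}

def run_sample():
    return audit_snapshot(SAMPLE["options"], SAMPLE["users"], SAMPLE["plugins"],
                          SAMPLE["cron_hooks"], BASELINE_HOOKS, datetime(2018, 11, 1))

if __name__ == "__main__":
    for severity, message in run_sample():
        print(severity.upper().ljust(8), message)
```

The baseline hook list and review date must come from a snapshot taken while the site was known to be clean; without one, every hook and every administrator account needs manual review.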

Flaw Has Been Fixed

The developers of the WP GDPR Compliance plugin have fixed the flaw and the plugin has been restored to the WordPress directory. Unfortunately, it wasn’t caught in time for a lot of website owners who are now cleaning up hacked sites and trying to rid their sites of the malicious code.

If you suspect that your site has been hacked or corrupted by a hacker, contact the experts at WTI to help you get your site healthy and back online.

*No one involved with cleaning up the WP GDPR Compliance exploitation found this amusing.

The Facts About Website Security in 2017

If you’ve ever dealt with a website hack, you know what a hassle it can be. Whether your website goes down or displays incorrect or inappropriate content, every hack is a serious headache. In May of 2018, Sucuri, one leading company when it comes to website security information, released a study with data from 2017. See the highlights below and learn what you can do to prevent hacks.

CMS Security Stats

In 2017, the three website CMS platforms most commonly infected by a hack were WordPress, Joomla!, and Magento. Despite WordPress being known as the most popular and one of the most secure CMS platforms, especially for SEO purposes, it is also the most hacked. It is important to note, however, that most of these hacks were not due to the CMS application itself. The hacks were more often the result of improper practices by webmasters, or weaknesses in extra components like plugins, extensions, and modules (Sucuri).

2017 also saw a decrease in outdated CMS platforms at the point of infection. Here is a breakdown of the number of infected sites Sucuri studied that were outdated as well as a comparison to outdated and infected sites in 2016 (Sucuri):

  • WordPress: 39.3% of infected websites studied were outdated, which is a 21% decrease from Q3 of 2016’s 61% of infected and outdated WordPress sites.
  • Joomla!: 69.8% of infected websites studied were outdated, a 15% drop from 2016.
  • Drupal: 65.3% of infected websites studied were outdated, a 15% drop from 2016.
  • Magento: 80.3% of infected websites studied were outdated, the largest number, but still a 13% decrease since Q3 of 2016.

The key takeaway here is that even with a secure CMS, it is important to have a knowledgeable web team that can provide backup security measures.

Blacklisted Websites

When a prominent blacklist authority like Google flags a hacked website, it means that the site has been blacklisted. Blacklisting can affect Search Engine rankings as well as mediums for communication, such as email using the site domain.

In 2017, 17% of infected websites Sucuri observed were blacklisted. This is a 2% increase from Q3 of 2016. Norton and McAfee accounted for 45% of blacklisted sites, while Google Safe Browsing accounted for only 12.9% of blacklisted sites (Sucuri).

Malware

In their 2017 study, Sucuri also analyzed the different trends in Malware. See the most common malware families in 2017, along with descriptions of key families:

  • Backdoor: a method/file used to bypass typical authentication to reinfect and retain remote site access.
  • Malware: The generic term to describe browser-side code used to cause damage to a computer, server, or network, often by drive-by downloads.
  • Spam-SEO: Any compromise that targets a website’s search engine optimization (SEO).
  • Other: Other popular malware families in 2017 include Mailer, Hacktool, Dropper, Defaced, and Phishing.

2017 web security chart: malware family distribution: backdoor = 71%, malware = 47%, SEO spam = 44%, other = 51.8%

Some other interesting trends in 2017 were an increase in spam SEO and an 82% increase in the number of files cleaned from the last report in Q3 of 2016. The rise in spam SEO shows that hackers are now finding it more worthwhile to use SEO spam than malware. The increase in files cleaned indicates a greater depth of files being affected in hacks, meaning that merely clearing one file of symptoms will likely not fix a hack entirely. The top three modified files in hacks studied were the index.php (28%), the .htaccess (10%), and the functions.php (9%) (Sucuri).

What Can You Do? – Protect Your Site.

The bottom line here is that hackers are smart and getting smarter every day. It’s more important now than ever to make sure your website is protected.

Making smart choices to ensure your website is secure is the best way to combat the rise in hacking. Get an SSL, choose a CMS that is secure, keep your CMS updated, look into website backup systems, and purchase a security package to protect your site as well as information belonging to you and your customers.

If you are interested in learning more about the security packages that we offer for websites, give WTI a call today at 309-489-0026 or contact brandy@websitestoimpress.com.

Reference: Sucuri, 2018: https://sucuri.net/reports/2017-hacked-website-report

SSL Certificates: 3 Very Good Reasons to Get One Installed Today

To Install an SSL Certificate or Not to Install an SSL Certificate. That is the Question.

A question we have had a lot of late is whether or not there are benefits to having an SSL Certificate for your website. To push that even further, there are questions about if having an SSL is a requirement for all websites. Let us break this down for you and give you our advice.

What is an SSL Certificate?

First, let us explain what an SSL is and what it does for your website.

SSL stands for Secure Sockets Layer. That alone means very little to anyone. It’s what the SSL certificate does that is important. An SSL certificate is a tiny data file. Its job is to digitally bind a cryptographic key to a website. It is installed on your server, and when it is installed you will see a little padlock icon in your browser by the website URL. You will also notice that the prefix to the URL changes from http:// to https:// to indicate that a certificate is in use.

It assures people that their connection to your website is secure, or safe. The cryptographic key is used to encrypt all transmitted data from the website. It also authenticates the identity of the website it is installed on. It is sometimes called a digital certificate. So, in simple terms, it makes things safe and gives people a warm fuzzy feeling when they come to your website.

An SSL certificate sounds pretty great, right? What would be the downside? It does cost a bit extra to have one installed and has to be renewed annually.

So Should YOU Have an SSL Certificate for Your Website?

The short answer is like YES.

But aside from that warm, fuzzy feeling, WHY do you need one?

REASON NUMBER ONE: Search engines like Google may rank your website better if you have one installed. Back in 2014, Google indicated them as a ranking factor for SEO. This is one VERY good reason to have one installed. Read more about this revelation by clicking HERE.

The above message is available through Firefox on sites without SSL Certificates.

REASON NUMBER TWO: There are indications that browsers will show sites as not being secure, and some browsers have already started to point it out to users visiting sites not secured with an SSL. User trust is going to become more and more important as more and more sites install SSL certificates. You don’t want to be left in the dust.

REASON NUMBER THREE: SECURITY. Simply said, we live in a time where digital security is an issue. You can help protect visitors to your website by having an SSL certificate installed.

WTI Can Help Install an SSL Certificate for Your Website

We can install and maintain your website’s SSL Certificates. We make it easy by keeping track of when it is set to expire and we will make sure it gets reinstalled annually. So maybe it is time to jump on the security bandwagon. SSL certificates go beyond banks and online stores in today’s online world. Let us help you get secure and stay that way.

The Benefits of WTI’s Automated Back Up & Monitoring System

Protect Your Website with Backup & Monitoring

Back Up & Monitoring Systems have two very important purposes: data recovery and cyber attack or manipulation surveillance.

Data Recovery

The main purpose of our Automated Back Up & Monitoring System is to keep a “clean” copy of all data that could be used to restore the website, if ever needed. This loss can potentially occur by human error. Have you ever accidentally deleted files, photos, or pertinent information? If you have, then you know what a benefit it would be to be able to restore your information with a click of a button. The Automated Back Up & Monitoring System saves a copy of web files and the site’s database(s) each day for ninety days. This allows our team to click a button to restore the site back to a chosen previous state within the past ninety days.

Beyond accidental human error, a site can be automatically or manually upgraded and break in terms of structure or functionality. Many websites are based on open source software like WordPress, Joomla or Drupal. When new versions of this software come out, the changes, or the upgrades to themes, plugins or modules, can break your site, depending on their type. Our Back Up & Monitoring System allows our team to take it back to a previous version to avoid site downtime and allows us to address the issues with the upgrade carefully and privately so that your customers never come into contact with a broken or non-functioning site.

Our Back Up & Monitoring System assures that your site can be restored with minimal disruption.

Cyber Attacks or Manipulation Surveillance

Unfortunately, all websites are vulnerable to hacking, but sometimes small businesses are even more at risk than they realize. Even though a website may have limited functionality, a weak password to a content management section can allow a hacker to destroy a website. Sites also become outdated as new browsers come out and coding best practices change, which can leave a site less protected as time goes on.

Many hackers are members of larger groups that hack websites and receive points according to the size or complexity of the website they hack. This is a cruel game, but as website owners, we need to be aware of what can happen. Choosing to use our Back Up & Monitoring System allows our team to be alerted every time your site is modified so that we can be proactive if any activity looks suspicious. If we find this to be the case, we will alert you and work on a plan together to limit the vulnerability or restore the site to a previous version, if necessary.

Our Back Up & Monitoring System allows your site to be monitored daily, protected, and prepared for any situation. It allows our team to be proactive to make sure your site is safe, instead of reactive when a problem occurs. Give us a call to get started on this affordable and important system so that you can be assured that your site is safe.