Popular plugin vulnerabilities
In February-March 2020, vulnerabilities were found in very popular plugins:
- Duplicator... The vulnerability makes it possible to retrieve the configuration file or any other site file, which in turn can give almost complete access to managing and changing the site.
There are also many other plugins in which vulnerabilities have been found. We recommend that you check the security of your site by looking up known vulnerabilities for the themes and plugins you use. We also strongly recommend against using third-party developments or copies of paid extensions.
Information about vulnerabilities found in plugins is available, for example, on the following sites:
- WordPress Vulnerabilities: vulnerabilities found in WordPress plugins and themes.
- WordFence: vulnerabilities found in the WordPress CMS and related products.
- CVE: vulnerabilities found in the WordPress CMS and related products.
At the moment, the most common consequence of a hack is the installation of a redirect to third-party sites. If you have the specified plugins or you suspect that your site may have been hacked, we recommend that you follow the steps below to eliminate the vulnerabilities.
Warning! This article provides only general recommendations for troubleshooting. We strongly recommend contacting specialists in the field of site development to restore the functionality and ensure the security of the site.
To eliminate the problems that have arisen, we strongly recommend the following steps:
- Temporarily block access to the site while you carry out the troubleshooting steps:
- Create a backup copy of the site and database in their current state in case problems arise while restoring the site.
- Reinstall the WordPress core.
- Change the site URL if it was affected and a redirect to third-party sites occurs.
- Update plugins on the site to the latest version.
- Change the passwords of the connected database and FTP users:
- Change the FTP user passwords and update them wherever they are used on the site.
- Remove the access restriction on the site, according to the method selected in the first step.
- Analyze access logs for suspicious requests. In the search box, enter the URL wp-config.php and check the logs for the last few weeks or months. If such requests are found, consider restricting access for the IP addresses from which they were made.
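
One way to run the log check from the last step over a raw access log file, as an added example that is not part of the original article. It assumes the server writes the common/combined log format; the function name `find_config_requests`, the endpoint name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common/combined log format: client IP, request target, status, body size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
NEEDLE = "wp-config.php"


def find_config_requests(lines):
    """Group requests whose URL mentions wp-config.php by client IP."""
    hits = defaultdict(lambda: {"count": 0, "served": 0, "targets": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        # Decode twice so %2D and %252D spellings of "-" are also matched.
        target = unquote(unquote(m["target"])).lower()
        if NEEDLE not in target:
            continue
        entry = hits[m["ip"]]
        entry["count"] += 1
        entry["targets"].append(m["target"])
        # A 200 with a non-empty body means file content may have been sent.
        if m["status"] == "200" and m["size"] not in ("0", "-"):
            entry["served"] += 1
    return dict(hits)


# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Mar/2020:10:01:11 +0000] "GET /example-endpoint?file=../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '203.0.113.7 - - [02/Mar/2020:10:01:15 +0000] "GET /example-endpoint?file=..%2Fwp%2Dconfig.php HTTP/1.1" 404 162 "-" "-"',
    '198.51.100.23 - - [03/Mar/2020:08:30:02 +0000] "GET /wp-config.php HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.10 - - [03/Mar/2020:09:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4521 "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    for ip, info in find_config_requests(SAMPLE_LOG).items():
        flag = "CONTENT MAY HAVE BEEN SERVED" if info["served"] else "blocked or empty"
        print(f"{ip}: {info['count']} request(s), {flag}")
        for target in info["targets"]:
            print(f"    {target}")
```

An IP with a non-zero `served` count received a non-empty 200 response for such a request, so the database credentials in the configuration file should be treated as exposed and changed as described in the steps above.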