
    WordPress hack and next steps

    On Tuesday morning, it was announced that WordPress, the blog sharing website that is used by more than one quarter of the web, had been hacked by a known perpetrator identifying as “MuhmadEmad” who has previously targeted a number of high-profile websites. Several hundred Irish websites fell victim to the attack, including ones linked to Irish Distillers, advertising agency JCDecaux, the Federation of Irish Sport, schools across Dublin and Donegal, and a modelling agency.

    Having gained access to these websites, the hacker then posted a signature message in support of Kurdish anti-ISIS forces[1]. It is anticipated that many more Irish websites are vulnerable.

    In January, WordPress, reported to hold 59.4% of the worldwide content management system market, issued an advisory disclosing multiple vulnerabilities identified in WordPress v4.7.1 and earlier.
    On January 26th, 2017, the company released a patch, v4.7.2, to address these vulnerabilities, advising that all customers update their WordPress installations immediately. The following vulnerabilities were reported to WordPress from various sources; additional details may be found in the official WordPress advisory[2]:

    • Users who do not have the correct permission are shown the user interface for assigning taxonomy terms.
    • WP_Query is vulnerable to SQL injection (SQLi) when passed unsafe data. While WordPress Core is not directly vulnerable to this issue, some plugins and themes may introduce the vulnerability.
    • A cross-site scripting (XSS) vulnerability was identified in the posts list table.

    However, WordPress delayed disclosing an additional vulnerability until February 1st to give users running automatic updates time to patch to 4.7.2, thereby reducing the pool of potential targets for would-be attackers. As this attack makes clear, that unauthenticated privilege escalation vulnerability, identified in a REST API endpoint[3], has now been exploited in the wild.

    Ward Solutions strongly recommends that all customers using WordPress immediately review their websites for exposure to the vulnerabilities listed above and patch to v4.7.2 as soon as possible. Details on how to upgrade WordPress are available in the advisory issued by the company. If you suspect that your website is vulnerable to attack, we recommend that you carry out a penetration test as soon as possible.
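    A first step in that review is to find out which WordPress version each site advertises and compare it with the 4.7.2 release. The script below is an added example (not Ward Solutions' or WordPress's own code): it reads the version from the two places WordPress normally exposes it, the HTML generator meta tag and the RSS feed generator element, and compares it numerically; the sample responses are constructed, not captured from any real site.

```python
"""Audit the WordPress version a site advertises against the 4.7.2 security release.

Added example, not code from Ward Solutions or WordPress. Inputs are response
bodies you have already fetched (home page HTML or the RSS feed); the samples
at the bottom are constructed for illustration."""
import re
from typing import Optional, Tuple

# First release containing the fixes discussed in this post.
PATCHED = (4, 7, 2)

# The two places a stock WordPress install advertises its version.
META_GENERATOR = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.I)
FEED_GENERATOR = re.compile(
    r'<generator>https?://wordpress\.org/\?v=([\d.]+)</generator>', re.I)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.7.1' into (4, 7, 1) so versions compare numerically, not as strings
    (a string compare would wrongly rank '4.7.10' below '4.7.2')."""
    return tuple(int(part) for part in text.strip(".").split("."))


def extract_version(body: str) -> Optional[str]:
    """Return the version string found in a page or feed, or None if it is not advertised."""
    for pattern in (META_GENERATOR, FEED_GENERATOR):
        match = pattern.search(body)
        if match:
            return match.group(1)
    return None


def assess(body: str) -> str:
    """'vulnerable' if below 4.7.2, 'patched' if 4.7.2 or later, 'unknown' if the
    version is hidden (common hardening), in which case verify from the admin dashboard."""
    version = extract_version(body)
    if version is None:
        return "unknown"
    return "patched" if parse_version(version) >= PATCHED else "vulnerable"


# Constructed sample responses (not real sites).
HOMEPAGE_471 = '<html><head><meta name="generator" content="WordPress 4.7.1" /></head></html>'
FEED_472 = '<rss><channel><generator>https://wordpress.org/?v=4.7.2</generator></channel></rss>'
HOMEPAGE_HIDDEN = '<html><head><title>Corporate site</title></head></html>'

if __name__ == "__main__":
    for label, body in [("home page", HOMEPAGE_471), ("feed", FEED_472), ("hidden", HOMEPAGE_HIDDEN)]:
        print(f"{label}: version={extract_version(body)} -> {assess(body)}")
```

An "unknown" result is not a clean bill of health: sites that suppress the generator tag must still be checked from the dashboard or the server's files.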
    If you have any concerns regarding WordPress or other potential weaknesses in your IT security, talk to the experts. Contact Ward Solutions today at sales@ward.ie or call us on +353 1 642 0100 to find out how we can help you harden and secure your website and your information security infrastructure.

    [1] http://www.irishtimes.com/business/economy/anti-isis-kurdish-hacker-targets-ntma-website-1.2965251
    [2] https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
    [3] https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/