Don't Gamble With Plugins!

blog cover image
58
6.6K followers
Updated

Hi, WA Friends

Don't gamble with WordPress Plugins. In my case, a plugin literally created a gambling issue! Let me explain.

My guitar site was hacked by a casino business, most likely by a bot. So, here's the very short version of what happened.

GSC alerted me that an application had been made as a new owner for my guitar website. I checked the GSC "Users and Permissions" area, as well as the Google Website Central, for verification attempts, but it all looked legit.

Upon further investigation, I found a plugin in my WordPress back office that I didn't install. It was a sitemap plugin that contained thousands of URLs for various casino-related content pointing to my website. The casino URLs were appended to the end of the URL list on my sitemap.

I changed my WordPress and Google account passwords and notified Site Support. However, they felt my site was hacked through a plugin vulnerability, not a password breach.

It just so happened that I installed the Sassy Social Share plugin one day before the hack. Although I can't prove it was that plugin, it deleted it and several other plugins I didn't absolutely need.

Site Support removed the rogue WP Sitemap plugin, sanitized my site, and restored my sitemap.

Now what I'm left with is about 1,200 "Unparsable structured data" errors and 1,500 indexed URLs in GSC, all pertaining to the casino hack. I submitted my restored sitemap as soon as possible, and I'm working with Kyle, who suggested I wait a few days to see what happens.

In the meantime, I have been doing some research and found this link:
https://developers.google.com/...

My biggest concern is that Google will mark my domain as a dangerous hacked site and kill my traffic, which I have been monitoring closely.

The moral of the story is to keep your WordPress plugins to a minimum and ensure they are updated since many updates address security vulnerabilities.

Most likely, there are some plugins you can do without, so get in there and do some early spring cleaning!

I would appreciate any suggestions and comments from the WA community.

Rock On! 🤘
Frank 😎🎸

Login
Create Your Free Wealthy Affiliate Account Today!
icon
4-Steps to Success Class
icon
One Profit Ready Website
icon
Market Research & Analysis Tools
icon
Millionaire Mentorship
icon
Core “Business Start Up” Training

Recent Comments

141

Posido on paras vedonlyöntisivusto, jota olen koskaan käyttänyt. Urheilu- ja vedonlyöntisivustojen valikoima https://posido.com/fi/live-casino/roulette on hämmästyttävä ja live-vedonlyöntivaihtoehdot ovat loistavat. Sivusto on erittäin käyttäjäystävällinen ja bonukset ja tarjoukset ovat todella anteliaita. Maksut ovat nopeita ja turvallisia ja minun ei tarvitse koskaan huolehtia siitä, että odotan voittoja. Suosittelen!

Not a good experience for you. I have Sassy Social install on my sites but haven´t experienced this myself on my sites.

Did you use an updated version of the plugin? It had an issue with cross-scripting, but according to iThemes and The weekly WordPress Vulnerability Report published there ( as of 4th January 2023) the issue is patched and fixed.

Roy

Hi, Roy

Yes, I installed Sassy Social Share the night before, on January 11th, and I’m sure it was the latest version.

I just tried subscribing to that vulnerability report, but the opt-in first name and email address form freezes up.

I tried to sing up for the newletter too, but it freezes up for me as well.

I'll try again in a few days. 😎

Hi Frank. How frustrating for you.

It's possible for sure to be a plugin. I had a barebones author website years ago and used a security on it called Wordfence.

I still get emails from them all these years later, and every now and again a hack is caused by a hacker buying a reputable plugin so they can inject their code through it.

I would definitely keep watching. I would suggest if you are one of those who makes their own backup to check through them to see if you can isolate what day it happened.

Also, there is an off chance you were personally hacked and they obtained your credentials with some form of key logger. I would also run a malware/virus scan on your own computer as well. Best if done in safe mode.

If you have any accounts that keep a log of your locations when you log in, I would also check those to see if you have logged in from strange places. Or had any email accounts added as "backup" email accounts.

One trick I saw someone using years ago if you are into the whole crypto thing (I'm not personally) was they would leave a wallet address on their desktop with a couple dollars worth in it. If it got emptied they knew they had a hacker.

Best of luck, and keep us posted on this.

Regards,

Jason

Hi, Jason

Thanks for all the great suggestions. I’ve already gone several of the things you’ve suggested.

I’m hoping that this will be the end of it.

Frank

Hi Frank

Sorry about what happened to your site. It can be a real pain. You seem to be sorting it out in a logical step by step way. Do you have a recent backup of your site, preferably before the casino "poisoning"? If you did it might provide a quicker way back to a clean site?

Hope the restoration goes well.

The server side (WordPress) has been restored.

There’s some issues with GSC and plans for this are pending.

I appreciate your interest! 😎

Frank

Oh my God! I am really sorry about your experience. I hope you find a way to resolve this as soon as possible. And that it does not affect your traffic significantly. Since last week, I resolved that my plugins would not be more than 3 anymore. I only need speed and security. That is just all that I focus on now. Wish you the best, please.

Thanks so much, Isah! 😎

Frank 🎸

See more comments

Login
Create Your Free Wealthy Affiliate Account Today!
icon
4-Steps to Success Class
icon
One Profit Ready Website
icon
Market Research & Analysis Tools
icon
Millionaire Mentorship
icon
Core “Business Start Up” Training