Second WA site hacked - but now I know why


A few weeks ago I reported that one of my WA sites had been hacked.

This was met with some degree of scepticism by some members of the Ambassadors group, stating that the WA site was unhackable because of all the extra layers of security.

My response then, as it is now, is that no amount of security will keep your site safe and you need to remain vigilant. WA's security might be awesome but the weakest link is always going to be us, the users.

Today, I discovered that my main niche site had been hacked. I only discovered it by accident when I tried to create a test sign-up on my newsletter plugin.

Unlike last time when my knee-jerk reaction was to wipe the site and rebuild it, this time I spent a little time looking at the website and identifying the real problem with a little Google help.

The short version

In this case, the hack was through a flawed plugin that I'd installed called WP GDPR Compliance. You can read the plugin author's own security update about the issue here.

Unfortunately, because I wasn't actively looking after my sites, my flawed plugin version remained available until I jumped aboard the Black Friday offer and got going again.

In short - the hack was my fault, not Wealthy Affiliate's.

The moral - keep your plugins to an absolute minimum and keep them updated.

If you want to know more details, please read on.

The symptoms

The hackers have used SQL injections to make amendments to my site's database so that visiting certain pages or plugins would result in a redirection to their malicious script hosted elsewhere.

You can quickly check if your site is infected by viewing the source code of your website (in Chrome, click on View > Developer > View Source). At the top of your site you might see something like this:


I've highlighted the malicious domain - just in case you can't read it, here's a close-up:


When I visited my site's admin page (/wp-admin), a script was displayed. I think it was supposed to have been executed but perhaps WA's security prevented that one from working.

Getting it fixed

I reported it to Site Support and they resolved the infection extremely quickly - within an hour.

This is a testament to the excellent support that Wealthy Affiliate provides and I'm glad I took advantage of the Black Friday sale on the annual membership!

The takeaway

Update your WordPress core and plugins regularly - you never know when an exploit is going to be discovered and used against your site.

I know I'm going to be a lot more vigilant.

I'm also going to be looking at removing any plugins I don't really need.
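The view-source check described under "The symptoms" can be automated. This is an added example, not part of the original post: it lists every script, iframe and meta-refresh target on a page whose host is neither the site's own nor on an allow list. The function names, the sample page and all hosts in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not from the post); every host is a placeholder.
SAMPLE = """<!DOCTYPE html>
<html><head>
<script src="https://injected.example/loader.js"></script>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="//cdn.example.net/lib.js"></script>
<meta http-equiv="refresh" content="0; url=https://redirect.example/land">
</head><body><iframe src="https://www.youtube.com/embed/x"></iframe></body></html>
"""

class LoadFinder(HTMLParser):
    """Record every script/iframe src and meta-refresh target with its line number."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        line = self.getpos()[0]
        if tag in ("script", "iframe") and a.get("src"):
            self.findings.append((line, tag, a["src"]))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=https://host/path"
            _, _, target = (a.get("content") or "").partition("=")
            if target:
                self.findings.append((line, "meta-refresh", target.strip(" '\"")))

def unexpected_hosts(html, site_host, allowed=()):
    """Return (line, kind, host) for every load from a host you did not approve."""
    finder = LoadFinder()
    finder.feed(html)
    trusted = {site_host.lower(), *(h.lower() for h in allowed)}
    hits = []
    for line, kind, url in finder.findings:
        # urlparse also resolves protocol-relative //host/path; relative paths have no host
        host = (urlparse(url).hostname or "").lower()
        if host and host not in trusted:  # exact match: list each subdomain you use
            hits.append((line, kind, host))
    return hits

if __name__ == "__main__":
    for line, kind, host in unexpected_hosts(SAMPLE, "mysite.example",
                                             allowed=["www.youtube.com"]):
        print(f"line {line}: {kind} loads from {host}")
```

Run it against a saved copy of each page's source, and add the hosts you knowingly use (CDN, analytics, embeds) to `allowed` so that anything left in the output is worth a closer look.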


Recent Comments


Hi Phil, first up welcome back and best wishes as you reconnect.

I have to agree with you, we are the weakest link in the chain, it can be so easy to compromise a website via a third party plugin.

Thanks for sharing your experience and raising awareness. It does pay to research a plugin prior to uploading.

Site support can be so helpful in these situations.
Alex

Site support did an excellent job of removing the malicious inserts and I removed the extra admin accounts that had been created.

I guess it's a lesson that I need to keep checking my sites even if I'm too busy to work on them. :)

Too true Phil, a lesson for us all. It can be easy to overlook the site maintenance and it is something that we should get into the habit of. Thanks for sharing and for the reminder.

Phew, this is so scary. I haven't understood how you can check this?
Glad you could react and have it fixed with our great SiteSupport.

Have a nice weekend and thank you for sharing.
Anne

I discovered the hack when a link on my site didn't work correctly - I'm glad I checked the site!

It turns out that two other sites were affected with the same exploit too but Site Support have taken care of those as well. :)

Hi,

Thank you for sharing your experience with the WA community. I really appreciate this and I can take action on my plugins.

Have a great 2019!

Best wishes,
George

I know I learned to update my plugins regularly, the hard way! :)

Thank you for sharing this information!
Sorry you had to deal with that.
Shaunna

It's no big thing - it's been a learning experience at least. :)

Thanks for sharing.

hey hi Phil -- ⭐️ smart move in finding the causative culprit in this case ...

really appreciate you writing about this and sharing this experience and the lesson in it to keep things well-maintained and attended to on a regular basis ...

thanks kindly & enjoy a wonderful weekend, cheerio ... 😊

Thanks Kei -
I figured I've learned my lesson so it's only right I share my foolishness with other people. :)

... sheeze -- no such thing as 'foolishness' here! ...

same as no such thing as 'silly-putty' questions! ...

... we're all learning here and frankly, we're all pretty much in the same boat -- maybe just using slightly different set of oars to get around .... lol .... which means i'm doing terribly as i just can't deal with 'oars! ...

enjoy it all! ... thanks so much once again for sharing....😊


Hi Phil,
First of all, sorry to hear that your site had been hacked. It sounds scary.

Secondly, thank you for sharing this with the community, at least we are aware of the risk that comes with themes and plugin use on our site.

Thankfully, our site-support did a great job to get rid of the malicious Spyware.

I really hope there is no monetary loss on your part.
Hope everything is well now.

Joe:)

I'm only just starting to get traffic on my niche site so I've probably not lost any money, just time.

This is something I'm going to watch out for in the future though - my site's traffic IS starting to grow so I could lose money if I don't keep my site up to date in the future.

I am relieved to know there was no monetary loss Phil.
It's good you detected it earlier when your site was starting to get traffic.

Joe:)

Good info and interesting to know. Thanks

I am glad you got this resolved.

I wasn't as fortunate.

Wish I had seen this before I deleted my website. I had a website hacked and malware inserted that redirected my site to a clickbait site.

In my case, site support was not all that supportive of identifying the source or fixing the problem. So after a week of my site going down daily, I just deleted the site.

I can sympathise because that's what I did with the first site that I discovered. I wiped it and started again (after exporting the posts so I could re-import them).

This time I was a bit more curious about the source of the infection and I feel much happier knowing where it came from! :)

That's really possible. I have a wild thought, what if the Web Host is the one hacking the sites? LOL

Um, Wealthy Affiliate is the host.

I'm not sure what you're suggesting here?

Can it be possible that a web host has the option to do what it pleases to do with sites under its care?
