A Little Problem With The WP GDPR Compliance Plugin
Yesterday I discovered that one of my blogs (not a WA blog) had been hacked.
I use a range of security plugins on my non-WA sites to beef up security. Traffic is also passed through Coudflare which provides yet another security layer.
Yet, despite all this, my blog got hacked.
Why am I posting about a non-WA blog here?
Because the hack came through a plugin many of us here are probably using on our WA blogs - the WP GDPR Compliance plugin.
As you probably know, certain privacy and data protection regulations were enacted by the EU back in May. This means that any website, no matter where in the world it is, has to protect the data of EU citizens.
Some sites, notably in the USA, blocked access to EU residents while they figured out what to do. This is against the ethos of everything being freely available on the internet (unless you have to pay for it, but that's a choice you make, not one that's foisted upon you).
So to comply with these EU regulations, several GDPR (General Data Protection Regulations) plugins were created for WordPress. They could just be added to a site and some EU compliant text and checkboxes would appear on your blog.
One of the most popular is the WP GDPR Compliance plugin. It's installed on over 100,000 blogs.
I don't have an insight into the security measures implemented by WA for its blogs. The current hack allows an attacker to escalate their privelages on a blog. Essentially they can make themselves an admin and then do whatever they want.
So I think the best thing we all can do is immediately check our blogs to make sure they haven't been hacked and to update the WP GDPR Compliance plugin to version 1.4.3 right now.
Here's how I found about about my site hack and how I fixed it.
UPDATE 1: I got a notification today that a new user had been added to my WA blog (which also uses the WP GDPR Compliance plugin). The email address had a .ru (Russia) extenison. I don't allow users to register on my blog, but this user was listed as an Administrator! I missed updating the WP GDPR Compliance plugin on this site.
So this confirms that WA sites using the WP GDPR Compliance plugin are in danger of being hacked, regardless of the security measure implemented on WA web servers.
I'd recommend that you change your login password for your blog if you use/used the WP GDPR Compliance plugin. A hacker could have gained access to your site, created an admin level user, used it to get your admin password and then deleted the admin account they created. If they have your username and password, they have access to your blog!
Recent Comments
29
I also had a website hacked one day. Some hacker had put links to a pharmaceutical site on almost all of my pages. I changed my password and removed all the links. After that, no more problems.
No matter how safe WA is, if a hacker finds out your password and username for Wealthy Affiliate, he will have access to ALL your websites.
So it is important to have a good password to log in to WA to prevent hackers from getting access to your websites, and have free training also.
Actually WA security doesn't prevent a hack. I found a new admin user on my blog (someone from Russia). I deleted the user and then changed my WA blog password. Can't be complacent about this one. We have to be pro-active.
My site didn't display properly. I also had problems trying to access WP Admin pages. They kept redirecting to a domain I don't own - erealitatea .net. I don't know if every hacked site would redirect to this domain or if it's one of several used by the hackers. This was on my non-WA blog.
I received a notification that a new user had been added to my WA blog. I don't allow users to register so that was a huge red flag. I deleted the user and change my blog password. This shows that the hackers are not being stopped by WA security measures.
Hi Anne,
The first clue that your site has been hacked is usually the knee jerk,“that’s not right” moment. If you need more than just a gut feeling to turn “that’s not right” to “something’s wrong” here are 8 telltale signs your site has been hacked:
1. The Red Screen of Death…Compliments of Your Browser
Browsers can often be the first to alert website owners that their site has been compromised. If malware has been detected the nefarious red screen is a telltale sign that your website needs some deep cleaning.
2. Your Site Disappears
If your site is gone, with a lovely white screen in it’s place it may have been hacked. Or perhaps your web designer is in the process of modifying the site and it’s not completed yet. Definitely check with your designer if the site disappears and always double check to make sure your domain name hasn’t expired.
3. Your Site Loads Super Slow or Crashes
If hackers are using your site as a way to send spam emails it may slow down the entire server and the other sites hosted on it. Slow load time is often an indication of this type of hacking.
4. Your Site Displays Another Website
Some hackers will re-direct your site to another site. Most often a not so family friendly site. If this is the case they may have placed a redirect code in your files.
5. You Find Viagra References All Over the Site
You may find words that you didn’t type in weird places in your site or added links for unrelated products. These links are sometimes given stealth placement nested in technological or scientific words. Sometimes the links are even in another language.
Also, certain security plugins, for example Wordfence will provide you with malware scanning features.
Also, Google Search Console can email you alerts about your site including if it detects that your site is infected with malware. Go to “Search Console Preferences” and enable email alerts there. This will notify you immediately when Google detects malware on your site and you may be able to fix the problem before they start displaying warnings.
Just found an email notification alerting me to a new user being added to my WA blog. Someone from Russia who was listed as an Administrator. I missed updating the plugin on my WA blog yesterday as I was focused on recovering my non-WA blog.
Everyone using the WP GDPR Compliance plugin should check that there no new suspect users have been added to your blog user list and to delete them immediately if you find them.
I'm sorry this happened:(. I updated my plugin yesterday, so hopefully...all is ok. Best wishes to you:)
Blessings:)
Suzi
Terrible for those wHo used the plugin.
Details here also:
https://www.wordfence.com/blog/2018/11/privilege-escalation-flaw-in-wp-gdpr-compliance-plugin-exploited-in-the-wild/
See more comments
There's always something! It seems like security is such a difficult feature of websites in general - it is very frustrating.
I have had other sites hacked as well (non-WA sites) and changed several of my blogs to rather rude titles.
Annoying but not fatal.
Thanks for the warning!
Dave.
Yeah, it's a constant arms race between the hackers and the security guys with us webmasters stuck somewhere in the middle. I lost countless hours repairing hacked blogs (and lost a few entirely) when I was starting out and knew diddly squat about website security.