A Little Problem With The WP GDPR Compliance Plugin

Last Update: November 10, 2018

Yesterday I discovered that one of my blogs (not a WA blog) had been hacked.

I use a range of security plugins on my non-WA sites to beef up security. Traffic is also passed through Coudflare which provides yet another security layer.

Yet, despite all this, my blog got hacked.

Why am I posting about a non-WA blog here?

Because the hack came through a plugin many of us here are probably using on our WA blogs - the WP GDPR Compliance plugin.

As you probably know, certain privacy and data protection regulations were enacted by the EU back in May. This means that any website, no matter where in the world it is, has to protect the data of EU citizens.

Some sites, notably in the USA, blocked access to EU residents while they figured out what to do. This is against the ethos of everything being freely available on the internet (unless you have to pay for it, but that's a choice you make, not one that's foisted upon you).

So to comply with these EU regulations, several GDPR (General Data Protection Regulations) plugins were created for WordPress. They could just be added to a site and some EU compliant text and checkboxes would appear on your blog.

One of the most popular is the WP GDPR Compliance plugin. It's installed on over 100,000 blogs.

I don't have an insight into the security measures implemented by WA for its blogs. The current hack allows an attacker to escalate their privelages on a blog. Essentially they can make themselves an admin and then do whatever they want.

So I think the best thing we all can do is immediately check our blogs to make sure they haven't been hacked and to update the WP GDPR Compliance plugin to version 1.4.3 right now.

Here's how I found about about my site hack and how I fixed it.

UPDATE 1: I got a notification today that a new user had been added to my WA blog (which also uses the WP GDPR Compliance plugin). The email address had a .ru (Russia) extenison. I don't allow users to register on my blog, but this user was listed as an Administrator! I missed updating the WP GDPR Compliance plugin on this site.

So this confirms that WA sites using the WP GDPR Compliance plugin are in danger of being hacked, regardless of the security measure implemented on WA web servers.

I'd recommend that you change your login password for your blog if you use/used the WP GDPR Compliance plugin. A hacker could have gained access to your site, created an admin level user, used it to get your admin password and then deleted the admin account they created. If they have your username and password, they have access to your blog!

Join the Discussion
Write something…
Recent messages
N33 Premium
May I ask, how do we know a website has been hacked?
Vickic3 Premium
The security WA have in place would give me no cause to worry about this Anne
nightwatch Premium
Actually WA security doesn't prevent a hack. I found a new admin user on my blog (someone from Russia). I deleted the user and then changed my WA blog password. Can't be complacent about this one. We have to be pro-active.
Vickic3 Premium
Wow - I'll be alert from here on in thank you
nightwatch Premium
My site didn't display properly. I also had problems trying to access WP Admin pages. They kept redirecting to a domain I don't own - erealitatea .net. I don't know if every hacked site would redirect to this domain or if it's one of several used by the hackers. This was on my non-WA blog.

I received a notification that a new user had been added to my WA blog. I don't allow users to register so that was a huge red flag. I deleted the user and change my blog password. This shows that the hackers are not being stopped by WA security measures.
smartketeer Premium
Hi Anne,

The first clue that your site has been hacked is usually the knee jerk,“that’s not right” moment. If you need more than just a gut feeling to turn “that’s not right” to “something’s wrong” here are 8 telltale signs your site has been hacked:

1. The Red Screen of Death…Compliments of Your Browser

Browsers can often be the first to alert website owners that their site has been compromised. If malware has been detected the nefarious red screen is a telltale sign that your website needs some deep cleaning.

2. Your Site Disappears

If your site is gone, with a lovely white screen in it’s place it may have been hacked. Or perhaps your web designer is in the process of modifying the site and it’s not completed yet. Definitely check with your designer if the site disappears and always double check to make sure your domain name hasn’t expired.

3. Your Site Loads Super Slow or Crashes

If hackers are using your site as a way to send spam emails it may slow down the entire server and the other sites hosted on it. Slow load time is often an indication of this type of hacking.

4. Your Site Displays Another Website

Some hackers will re-direct your site to another site. Most often a not so family friendly site. If this is the case they may have placed a redirect code in your files.

5. You Find Viagra References All Over the Site

You may find words that you didn’t type in weird places in your site or added links for unrelated products. These links are sometimes given stealth placement nested in technological or scientific words. Sometimes the links are even in another language.

Also, certain security plugins, for example Wordfence will provide you with malware scanning features.

Also, Google Search Console can email you alerts about your site including if it detects that your site is infected with malware. Go to “Search Console Preferences” and enable email alerts there. This will notify you immediately when Google detects malware on your site and you may be able to fix the problem before they start displaying warnings.
N33 Premium
Thank you so much for this exhaustive answer. This all sounds like a thriller.
smartketeer Premium
It is :)
nightwatch Premium
Just found an email notification alerting me to a new user being added to my WA blog. Someone from Russia who was listed as an Administrator. I missed updating the plugin on my WA blog yesterday as I was focused on recovering my non-WA blog.

Everyone using the WP GDPR Compliance plugin should check that there no new suspect users have been added to your blog user list and to delete them immediately if you find them.
Zarina Premium
Thanks for letting us know!! I updated it.
suzzziq Premium
I'm sorry this happened:(. I updated my plugin yesterday, so hopefully...all is ok. Best wishes to you:)
Fleeky Premium Plus