PSA: Update Your WordPress Sites That Are Running 4.7.0 and 4.7.1
This is kind of old news, but if you haven't been active on WA or logged into your websites for awhile you might not know about it.
Basically, WordPress 4.7.0 and 4.7.1 has a vulnerability that allows unauthenticated people(people who don't have login credentials) to edit your posts.
As you can imagine spammers and hackers have taken full advantage of it to deface websites. I have two websites that had posts modified to say they had been "Hacked by imam with love" and one of those two also had spam links for Cialis.
You might want to take a look at all your posts/pages and see if anything looks out of place.
Things to do if you have been hacked:
- Restore from known good backup(if possible, this is the easiest way.)
- Change login passwords, FTP passwords, and database user passwords. Do this even if you restored from backups because your backups will have the same passwords as your hacked site.
- If you host your site with SiteRubix, hosting support may be able to help you out. It would be worthwhile to submit a ticket and find out.
- Worst case scenario: Copy all of your content manually and rebuild your site from scratch if you are super paranoid or don't have good backups.