There is a sudden rush of hackers targeting the REST-API vulnerability in previous versions of WordPress. If you are using the latest version of WordPress (WordPress 4.7.2), your website at risk of being hacked.
WordFence recently published some initial research finding on 19 different defacement campaigns they have been tracking.
Credit: WordFence (wordfence.com)
What does it mean if I get hacked?
With these particular campaigns, they replace your website content with different text and images which will announce that they have hacked your website and usually contain vulgar/obscene language which isn’t good for your brand. They can also install malicious code which could be downloaded and infect yours and your website visitor’s computers if they try to view your website. They can also redirect your website to send visitors to other websites.
Over 1 million web pages have been affected by these hacking campaigns but with quick action, your website can be cleaned of malicious code and upgraded to the latest code. If you haven’t already updated to WordPress 4.7.2, it is only a matter of time until your website is affected by this.
I have seen a few website affected by these campaigns already in the last few weeks and have helped them clean their website.
How can I fix it and/or prevent from being hacked?
You need to ensure that you are using the latest version of WordPress as well as using the latest versions of any themes and plugins that your website uses. Changing your website and hosting passwords on a regular basis is also highly recommended. We also recommend to install additional security plugins to make your WordPress website extra secure.
If you are concerned about your WordPress website, sign up to one of our maintenance packages and we can help ensure your website is regularly backed up and updated to make it as secure as possible.