First of all, all of the websites I manage have been updated to WordPress 4.7.2. Many of the websites were updated on time and suffered no ill effects from the epidemic of defacements that affected WordPress sites across the globe this past week.
Those few sites that were affected have been updated and cleaned up. Still, if you see any odd content on your posts or pages, its incredibly simple for you to revert them to their previous version, or contact me to take care of it for you.
From everything I have learned, this hack is initiated by editing ALREADY EXISTING pages or posts through a vulnerability in version 4.7.1’s REST API.
The bottom line:
PASSWORDS and USERS do not appear to have been compromised. If I find this to be incorrect, I will let you know and initiate a password update process.
If you find this post but aren’t one of my clients, here’s how to clean things up.
- Update your website to the latest version of WordPress (currently 4.7.2).
- Check your posts and pages for changes and revert your content to a version before it was hacked. Some are really obvious, some may not be.
- An easy way to see recent changes to your site’s content is to look at the “Activity” box on your site’s dashboard. If you don’t see it, click the “screen options” tab at the top of the page and make sure the “Activity” checkbox is checked.
- If you have never reverted content before, simply go to edit the post or page you want to revert. There is a “revisions” entry in the “publish” box. Clicking “browse” will allow you to step back through prior versions and republish and older version of your page. Don’t be surprised if there are several ‘hacked’ versions already there. The hackers have been prolific and have been writing over top of each other.