Attackers target WordPress sites running version 4.7.1 and below
In what has been described as a ‘mass level attack’ large numbers of WordPress websites have been targeted through a hidden REST API loophole. At this point over 1.5 million pages across 39,000 unique domains have now been attacked and defaced but this is expected to rise further.
Although WordPress released an update in early January to prevent this, unfortunately this has the potential to affect those sites that are only one version out of date.
According to Sucuri, attackers have been crafting simple HTTP requests that then allow them to bypass authentication systems to edit the titles and content of pages. This vulnerability has the potential to affect all sites not on version 4.7.2.
With the cases we’ve seen so far, the hackers have replaced one or more existing WordPress posts with their own content. This is known as search engine poisoning, as eventually Google will begin to index these pages and as such, your website loses rank.
To check to see whether your site has been affected, you can run your site through Sucuri’s site checker:
How to check which version is running?
If you log into your WordPress admin area you should be able to go to ‘updates’ in the navigation menu which will then tell you which version of WordPress you are using and whether this is the latest version.
We strongly recommend if you are using an outdated version you update immediately.