WordPress REST API Vulnerability Abused in Defacement Campaigns

Website defacement is an attack on a website that changes the visual appearance of the site or a webpage.

WordPress included a fix for a severe vulnerability in its REST API two weeks ago with the release of WordPress 4.7.2.

How Does It Work

Hackers use this security vulnerability to conduct a remote code execution on the Web server it is being hosted on in order to change the visual appearance or replace the site content.

WordPress Versions Affected

The vulnerability affects WordPress versions 4.7 and 4.71.

What To Do

First, you or your webmaster need to update the WordPress core engine to the latest released version WordPress 4.7.2 that was released two weeks ago. Second, update all WordPress plugins to its latest versions. Third, ensure that you use an active firewall for your web hosting.

Important Tips

Be Proactive: don't wait until you hear that a new vulnerability was discovered. Always update the WordPress core engine and plugins.

Backup: back to basics, always backup your WordPress site so it can restore your hacked WordPress installation.

Remove vs. Disable: remove unused plugins vs disabling it. The same applies to unused themes. If you don't use it, remove it.

An Ongoing Need to Stay Up-to-Date

Unfortunately and as usual, WordPress CMS used by millions is vulnerable again and site owners fail to understand the disadvantages of not being proactive with their maintenance and not utilizing a web maintenance service to constantly monitor and backup their WordPress sites. While you should focus on running your business, trying to be a passive webmaster is an open door invitation for hackers.

eLab Communications offer several maintenance and hosting packages specific to WordPress websites. Contact us today for a complimentary website health check and to discuss your available maintenance options. Call us Toll Free 888.624.8321 - Local 831.375.7600