Our website got hacked!

“We got hacked” – is a sentence that a cyber security provider should not ever say to stay in business… but here is our story! And no need to panic it was our WordPress site hosted by a third party. Our services and customer data are safe and sound, we don’t have any kind of impact to our customers or company data. As a cyber security company sharing our experience about all type of attacks with our community helps to avoid the same situations in other companies.

What happened?

We noticed on February 8th that something seems wrong with our homepage. When you would have tried to visit our page, you would have been redirected to different addresses chosen by our webpage attacker. Our incident response team confirmed the fact promptly and got into action. The culprit was a vulnerability that hit the news at the 6th of February, in one of the plugin named – “Ultimate GDPR & CCPA Compliance Toolkit for WordPress” which CYBERS used. The exploitation allowed an unauthenticated user to change the settings of the plugin and redirect traffic to an external website. It took us 35 minutes to identify the problem and return the site operation back to normal. 

What issues did it bring us?

First, it is still an unnecessary hassle. Investigations started together with our partners and manhours spent for post-analysis report, notifications to our CERT-EE as regulations demand. All these activities are necessary, but my point is that it is easier to protect better to avoid the impact. 

Hence this is what we learned: 

• Our regular patching and scanning of vulnerabilities using general tools were OK, but not enough to cover niche plugin-related vulnerabilities. 
• Monitoring of website needed improvements.
• Additional protection tools needed to be implemented. 

Let’s not this go to waste!

It is always better to learn from others’ mistakes. WordPress security is a topic of huge importance for every website owner. Google blacklists around 10,000+ websites every day for malware and around 50,000 for phishing every week. If you are a business owner and are worried about how is your WP homepage protected check out the list below. These WordPress security tips help you to protect your website against hackers and malware: 

• Add Security Questions to WordPress Login Screen 
• Add Two Factor Authentication 
• Automatically log out Idle Users in WordPress 

• Install a WordPress Security Plugin 
• Change the Default “admin” username 
• Change WordPress Database Prefix 
• Disable Directory Indexing and Browsing 
• Disable File Editing 

• Disable PHP File Execution in Certain WordPress Directories 
• Disable XML-RPC in WordPress 
• Enable Web Application Firewall (WAF) 
• Install a WordPress Backup Solution 
• Limit Login Attempts 

• Move WordPress Site to SSL/HTTPS 
• Password Protect WordPress Admin Page 
• Scanning WordPress for Malware and Vulnerabilities 

If you need help with WordPress security do not hesitate to contact us and let us check together what is the status of your business main gateway!