Running a WordPress Website? Know How to Protect Yourself from ISIS Hacks


The US Federal Bureau of Investigation (FBI) has warned WordPress users and urged them to patch the plugins of the content management system in the wake of recent ISIS hacks and the possibility of more to come. In the recent past, cyber criminals supporting ISIS have hacked self-hosted WordPress websites because of unpatched plugins and flaws in the content management system.

WordPress powers about 20 percent of the web and is fairly safe thanks to continuous and timely updates. These updates generally fix newly found bugs and loopholes in the system, but sometimes users don’t apply the updates on time and the system becomes vulnerable.

These ISIS hacks weren’t very sophisticated, but they exploited vulnerabilities caused by faults in these plugins, which resulted in unauthorized access, injection of malicious scripts, breaking through security firewalls and use of cookies stolen from computer systems and servers.

In a public notice, the FBI said: “These individuals are hackers using relatively unsophisticated methods to exploit technical vulnerabilities and are utilizing the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered.”


This warning about ISIS hacks comes after multiple instances of security breaches in the United States and European countries. These ISIS hacks affected a variety of WordPress-powered websites, ranging from government organizations to non-profits. The websites were defaced and flooded with claims and images suggesting the involvement of ISIS.

An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation.

The FBI added, “Methods being utilized by hackers for the defacements indicate that individual websites are not being directly targeted by name or business type.”

Web security firm Sucuri has named two plugins that were being attacked and used as an attack doorway: GravityForms and RevSlider. Users must keep updating these and all other plugins from time to time to avoid the vulnerabilities.

How to secure yourself from these ISIS hacks?

In its public release, the FBI has listed some measures that must be taken to safeguard yourself against these ISIS hacks:

  1. Follow these WordPress guidelines and review them.
    http://codex.wordpress.org/Hardening_WordPress
  2. Use free tools to identify the WordPress vulnerabilities.
    http://www.securityfocus.com/bid
    http://cve.mitre.org/index.html
    https://www.us-cert.gov/
  3. Update and patch the WordPress plugins.
    https://wordpress.org/plugins/tags/patch
  4. Run the most updated operating system and applications.
  5. Run the software on your system without using the administrative privileges to minimize the effects of a successful attack.
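For step 3, you first need to know which plugin versions are actually installed. The script below is an added example, not part of the FBI notice or of WordPress itself: it reads the standard `Plugin Name:` / `Version:` header from each plugin folder and marks the two plugins Sucuri named. The folder names `gravityforms` and `revslider` are assumed, and the sample plugin tree in `demo()` is constructed.

```python
import re
import tempfile
from pathlib import Path

# Folder names assumed for the two plugins Sucuri named (GravityForms, RevSlider).
NAMED_BY_SUCURI = {"gravityforms", "revslider"}

# WordPress reads plugin metadata from a comment header in the plugin's PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.M | re.I)

def read_header(php_file):
    """Return the header fields found in the first 8 KiB, keyed in lower case."""
    with open(php_file, "r", encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)
    return {key.lower(): value for key, value in HEADER.findall(head)}

def inventory(plugins_dir):
    """List plugins installed in sub-folders of wp-content/plugins.

    Single-file plugins placed directly in plugins_dir are not covered here.
    """
    found = []
    for entry in sorted(Path(plugins_dir).iterdir()):
        if not entry.is_dir():
            continue
        for php in sorted(entry.glob("*.php")):
            meta = read_header(php)
            if "plugin name" in meta:  # this file is the plugin's main file
                found.append({"slug": entry.name, "name": meta["plugin name"],
                              "version": meta.get("version", "unknown"),
                              "named": entry.name.lower() in NAMED_BY_SUCURI})
                break
    return found

def demo():
    """Run the inventory over a constructed plugin tree (not real plugin files)."""
    samples = [("revslider", "Slider Revolution", "0.0.1"),
               ("contact-widget", "Contact Widget", "0.0.2")]
    with tempfile.TemporaryDirectory() as tmp:
        for slug, name, version in samples:
            folder = Path(tmp, slug)
            folder.mkdir()
            (folder / f"{slug}.php").write_text(
                f"<?php\n/*\n * Plugin Name: {name}\n * Version: {version}\n */\n")
        return inventory(tmp)

if __name__ == "__main__":
    for p in demo():
        note = "  <-- named by Sucuri, update first" if p["named"] else ""
        print(f"{p['slug']:<16} {p['name']:<20} {p['version']}{note}")
```

On a real server, call `inventory()` with the path to your own `wp-content/plugins` folder and compare the reported versions with the latest releases from each plugin's vendor.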

You are advised to follow the above guidelines to make your WordPress site more secure and safe from the ISIS hacks. These attacks aren’t some real-time threat, but they could affect you big time due to the downtime and the losses in terms of lost revenue.

Are you going to check your system for vulnerabilities and follow the guidelines? Tell us in comments!

Ravindra Paradhi

Engineer & Blogger.
