Defacement of over a million WordPress pages

WordPress plugin vulnerability means millions find their WordPress website defaced by hackers

Free open-source website and blog creation tool 'Wordpress' has left millions of pages defaced, due to a remote code execution (RCE) feature being added to the package. This feature has allowed hackers to take control of pages using WordPress plugins allowing attackers control over editorial features in order to vandalize pages or even worse execute malicious payloads. Plugins are those great bits of extra software you can add to your WordPress site to do everything from show a map of visitors to show a fancy photo gallery. Plugins however, have always been a l known and documented 'attack vector' for hackers. An attack vector being 'a way in' or path into a website. The end result is millions of site owners have found their WordPress website defaced by hackers.

WordPress Website Defaced ?

A well known security firm released a statement saying they had detected multiple hackers seizing control of sites. A backdoor in the protocol allows attackers to inject ads, spam and affiliate links. The security firm expects many more attacks to follow and even advised users to disable the plugins due to attackers using these them to insert malware into any affected website More often than not the old, 'Hacked By GeNErAL' ! types of defacement are being replaced by monetising hacks with compromised sites being used to make money for the hacker via the use of paid ads (selling everything from viagra, research chemicals to fake crypto currency exchanges) or redirect them to an 'online pharmacy'
In March alone, over 45 million of WordPress websites were defaced and infectd. Many websites are still affected with many of their users not even realising that hidden within their blog there is a page that is selling some seedy pharmaceutical product . Often these hacked website pages are only found by using very specific search terms in google so blog owners are blissfully unaware that their sweet and innocent cupcake blog is actually harbouring a deep secret within the blog pages…
wordpress website defaced and infected by hackers selling pharmaceutical products

wordpress website defaced - fix repair hacked website and protect website from infection
What is also interesting is that before the security company released the details of the hack, very few WordPress websites had actually been compromised. The timeline in which the hack was detected, details released and then the fix released – does arouse suspicions amongst the conspiracy theorists amongst us.
WordPress makes owning and operating a website so easy. It's a great piece of software – used by many millions, loved by their owners. Unfortunately as it's very easy to use and setup by even the luddites amongst us – many users simply install plugins willy nilly without a thought of where the plugin came from or how secure it is. It's not in the realms of impossibility that a plugin could of been created by a hacker and uploaded to a plugin site, so take care where you download your plugins from.
Despite our passion and love for searching and removing unwanted malicious code from WordPress sites and blogs, we would always suggest to our customers that they keep their WordPress upgraded with the latest security fixes and uninstall any suspicious plugins. WordPress often release security patches – so stay aware and try to make this maintenance a monthly activity.

wordpress website defaced ? Free virus scan for your website. Check if website is infected with viruses

FREE Virus Scan

Here at we have been fixing these types of compromised and defaced WordPress websites for the past 5 years. We've actually become quite good at it. For any defaced WordPress site it typically takes us minutes to track down and identify any malicious code or suspect content. What is even more reassuring is that we can normally fix and clean a site 'clean' within one hour, restoring a defaced wordpress website back to it's former glory with very little fuss or bother. As we say to our WordPress customers, you deal with the content writing and let us deal with the hackers!
WordPress Website Defaced ? Have any concerns about your website or just want a FREE health check to ensure you are not one of the millions of hacked WordPress sites, then just contact us using our 24×7 chat or our cyber security team can do a full scan of your website via our FREE website infection / virus check . It's always better to be safe than sorry.


Contact the good guys

While you can never completely let your guard down against the bad guys, you shouldn't need to suffer constant anxiety either. And that's why we're here. We're constantly working to fix sites, keep them secure, and help you get back to what you want to be doing – running your business. If you want to protect a website from hackers for the long-term, trust in SharkGate™ to keep you safe.

We Can Help Save Your Business






WordPress website defaced ? If we don’t fix a defaced website in less than 1 hour then we do it for FREE!. Luckily for us we are very good at fixing sites fast!

TAGS > , , , ,