A recently disclosed security vulnerability in WordPress has been exploited by hackers, across millions of WordPress websites in Australia and around the world.

Leading website security firm, Sucuri, notified WordPress of the vulnerability when it was first detected by a security researcher. Upon notification, they immediately began work to rectify the flaw.

Unfortunately, the WordPress update released was too late for most, with over 1.5 millions web pages being hacked before hand.

How to tell if your WordPress website has been hacked

We manage all software updates for our clients, so if you’re a Phancybox client, there’s no need to worry – any effected web pages have been corrected. Alternatively, if you have a Blog or News section on your website, simply look at the most recent post – the hackers have been clear about their actions, so you will easily identify a foreign post.

Delete the post (make sure you remove it from the Trash too) and then have all Plugins, Themes and of course WordPress software updated. The latter can result in conflicts, so please do reach out if you need a hand.

Securi also have an online tool that will scan your website, to help identify any threats.

How to secure your WordPress website

Assuming your website hosting is secure, it’s vitally important for any WordPress website to have all software updates correctly managed.

  • Consider that WordPress itself, each Plugin and the Theme are all built by different developers, the risk for a security vulnerability is far higher than managing 1 piece of software
  • With so many people using WordPress around the globe, it’s also an easier target for hackers (similarly to how Microsoft is targeted)

Leaving your software outdated is quite literally opening doors for malicious users, having a negative impact on your brand, and of course introducing additional costs to resolve the issue.

Many Australian businesses manage these software updates internally. The small downside of this is that they don’t always play nicely together. If you update WordPress before your Plugins are compatible, you’re likely to end up with an error or worse on your live site. We manage these updates to ensure conflicts are left to a minimum, and are carried out on a secure environment, offering businesses the highest level of security possible, when it comes to a WordPress website.

If you’re unsure whether your website has been effected, or would like assistance in correcting a hacked WordPress website, please contact our Wanaka team for assistance.

Tip: If you found this useful, you can get our latest ideas delivered direct to your inbox, for free, right here.