Rest API exploits blocked by WordFence


On January 26th, WordPress forced an update to their system to protect against a vulnerability that allowed content on a WordPress website to be changed.  The hidden fix was made public on February 1st and the response by the hacking community has exploded into a hacking frenzy targeting WordPress sites.  They have now taken this to a whole new level by competing on how many sites they can deface.

See the following article for more details as reported by WordFence, a leader in WordPress Security and cyber defense.

If you have a WordPress Website, TAKE ACTION NOW!

1) Check Your Web Pages for Symptoms of a Hack

The most obvious clue may be changed content on posts or pages of your website.  Content can include both images and text, so look at them carefully to make sure everything is in tact.  If not – well – you’ve been hacked and you’ll need technical help to fix it.  If that’s the case, the next step I’d make is to contact your developer and make sure they’re aware and see what they recommend. Depending on the situation, or how bad the hack is, they may be able to fix; however, if not, maybe we can help.  There is a fee for our time to resolve, but might be less than a typical redesign.  If your website has been attacked by Ransomware – meaning they’re holding your site hostage in exchange for money – DO NOT PAY!  Contact your local law enforcement authorities that handle cyber crime and/or report the attack to the FBI at Internet Crime Complaint Center.

2) If Your Site Looks OK, Contact Your Developer to Make Sure Your Website Has Been Updated

Likely email will be best, but be sure to follow-up with a phone call if they don’t respond to you in a timely manner.  If they’re like us, we’re working diligently addressing the sites we maintain regularly to address this situation.  Just make sure they are aware and that they are taking action as soon as possible.  Also make sure they take a clean back-up of your database and files.

3) Take Backup of Your Actual Database and Files and Download From Server

Don’t rely on your web host to ever make a back-up for you. Most web hosts only take a back-up of the files on the server to protect from their own data loss in the event of equipment failure.  They can dig out a copy of your data, but it’s not an easy task on their part, so it will likely cost more than you’re expecting it might.  Your website files – no matter what kind of website you have – are your responsibility.  You might hire a service provider to help you manage their integrity; but if you’re not paying for regular maintenance – it is your job to do.  As for WordPress, I suggest not solely relying upon a back-up plugin.  You want to make sure you have a good backup of both your files and database should you need to restore.  I have seen too frequently where plugins fail leaving you without a valid backup.  In a critical situation, it is best to go to the source in this matter.  Also – be sure to download the files from your server then delete the old archives to limit risk for hackers getting access through old vulnerabilities.

4) Consider Adding Additional Security to Your Website

WordFence is our preferred security provider.  There are others out there and I’m not saying if they’re good or bad – we’re just not familiar with them.  We chose WordFence because of their pro-active monitoring and cooperation with national officials to combat cyber crime.  They have excellent customer service and are always proactive in defensive situations like this.  Their security plugin – even in the free form – is very comprehensive; however, I’m currently suggesting all those who have hesitated before, now consider the upgrade to protect themselves further.

I know hacking and cyber crime can be a confusing, and a somewhat scary, topic – but it is really important to take actions to protect your business.  I would be happy to have a conversation with you to ease your worries or fears.  You can reach my office at 636-379-1750 or CLICK HERE to submit a request for me to call you.

Julia Eudy - Golden Services Group

About the Author:  Julia Eudy is the founder of Golden Services Group and experienced online marketing professional.  Her proven skills assist business owners develop a solid online strategy,  track data analytics, write compelling SEO-ready copy and crates a focused communication process to promote long-term referrals.