The Federal Bureau of Investigation (FBI) has issued a public service announcement about continuous website defacements occurring as a result of a vulnerability in the WordPress content management system.
The FBI reports these defacements are being carried out by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS).
“The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites.”
Only websites running on the WordPress content management system are vulnerable to these particular exploits. Since the attackers are using “relatively unsophisticated” methods to gain access to WordPress sites, the defacements are apparently easy to fix, but can certainly cause a disruption to business operations.
Although easy to fix, it is a serious issue because the vulnerability could result in an attacker taking full control over a website.
If your website has been targeted, the FBI recommends taking the following actions:
- Review and follow WordPress guidelines:
- Identify WordPress vulnerabilities using freely available tools such as
- Update WordPress by patching vulnerable plugins:
- Run all software as a non-privileged user, without administrative privileges, to diminish the effects of a successful attack
- Confirm that the operating system and all applications are running the most updated versions
Since websites being attacked are compromised through vulnerabilities in WordPress plugins, one way to protect yourself from an attack is to keep your plugins updated.
According to the WordPress security blog Sucuri, the top 2 plugins currently being exploited are RevSlider (Version < 4.2) and GravityForms (Version < v1.8.20). Note that only older versions of these plugins are being exploited, so if you have the latest versions installed you should be protected.
In addition, there have also been attacks reported against several other plugins, including FancyBox, Wp Symposium, Mailpoet and others. Attackers are said to be exploiting anything they can get their hands on, so the best course of action is to update everything.
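A quick way to act on the version thresholds above is to inventory the plugins installed on your own site and flag any that fall below them. The script below is an added example, not code from the FBI announcement or from Sucuri: it reads the standard WordPress plugin header (the `Version:` line in a plugin's main PHP file under `wp-content/plugins/<slug>/`) and compares it against the RevSlider and GravityForms floors quoted in the article. The directory names `revslider` and `gravityforms` are assumed, and the plugin headers used in the demo are constructed, not real files.

```python
"""Flag WordPress plugins at versions the advisory says were being exploited.

Added example, not from the advisory. Assumes the standard plugin header
format (a 'Version:' line in the plugin's main PHP file) and the plugin
directory names 'revslider' and 'gravityforms' (assumption).
"""
import re
from pathlib import Path

# Floors stated in the article: versions strictly below these were being exploited.
MIN_SAFE = {
    "revslider": (4, 2),
    "gravityforms": (1, 8, 20),
}

# Matches "Version: 4.1.4" or " * Version: v1.8.20" at the start of a header line.
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*v?([0-9][0-9.]*)", re.IGNORECASE | re.MULTILINE)


def parse_version(text):
    """Return the plugin version as a tuple of ints, or None if no header is found."""
    m = HEADER_RE.search(text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).strip(".").split("."))


def is_outdated(slug, version):
    """True when `version` is below the minimum safe version known for `slug`."""
    floor = MIN_SAFE.get(slug)
    if floor is None or version is None:
        return False  # no threshold on record, or no version header to compare
    # Pad both tuples so (4, 2) compares correctly against (4, 2, 0).
    n = max(len(floor), len(version))
    return version + (0,) * (n - len(version)) < floor + (0,) * (n - len(floor))


def audit_headers(headers):
    """Check an in-memory {slug: header_text} mapping; returns {slug: (version, outdated)}."""
    results = {}
    for slug, text in headers.items():
        version = parse_version(text)
        results[slug] = (version, is_outdated(slug, version))
    return results


def audit_plugins_dir(plugins_dir):
    """Scan wp-content/plugins/<slug>/*.php on disk and run the same check."""
    headers = {}
    for slug_dir in sorted(Path(plugins_dir).iterdir()):
        if not slug_dir.is_dir():
            continue
        # The main plugin file is the first .php in the directory carrying a Version header.
        for php in sorted(slug_dir.glob("*.php")):
            text = php.read_text(errors="replace")
            if HEADER_RE.search(text):
                headers[slug_dir.name] = text
                break
    return audit_headers(headers)


# Constructed sample headers for offline demonstration, not real plugin files.
SAMPLE_HEADERS = {
    "revslider": "/*\nPlugin Name: Slider Revolution\nVersion: 4.1.4\n*/",
    "gravityforms": "<?php\n/*\nPlugin Name: Gravity Forms\nVersion: v1.8.20\n*/",
    "hello-dolly": "/*\nPlugin Name: Hello Dolly\nVersion: 1.6\n*/",
}

if __name__ == "__main__":
    for slug, (ver, bad) in audit_headers(SAMPLE_HEADERS).items():
        shown = ".".join(map(str, ver)) if ver else "?"
        print(f"{slug}: {shown} -> {'UPDATE NOW' if bad else 'ok'}")
```

Run `audit_plugins_dir("/path/to/wp-content/plugins")` against a real install to get the same report for every plugin present; anything reported as outdated should be updated before the site is put back online, and the thresholds table can be extended as further affected plugins (FancyBox, WP Symposium, MailPoet) get published version floors.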