FBI Issues PSA: ISIL Defacements Exploiting WordPress Vulnerabilities by @mattsouthern
The Federal Bureau of Investigation (FBI) has issued a public service announcement about
continuous website defacements occurring as a result of a vulnerability in the WordPress content
management system.
The FBI reports these defacements are being carried out by individuals sympathetic to the Islamic
State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS).
"The defacements have affected Web site operations and the communication platforms of news
organizations, commercial entities, religious institutions, federal/state/local governments, foreign
governments, and a variety of other domestic and international Web sites."
Only websites running on the WordPress content management system are vulnerable to these
particular exploits. Since the attackers are using "relatively unsophisticated" methods to gain access
to WordPress sites, the defacements are apparently easy to fix, but can certainly cause a disruption
to business operations.
Although easy to fix, it is a serious issue because the vulnerability could result in an attacker taking
full control over a website.
If your website has been targeted, the FBI recommends taking the following actions:
- Review and follow WordPress guidelines:
- Identify WordPress vulnerabilities using free available tools such as
- Update WordPress by patching vulnerable plugins:
- Run all software as a non-privileged user, without administrative privileges, to diminish the effects of a successful attack
- Confirm that the operating system and all applications are running the most updated versions
Since websites being attacked are compromised through vulnerabilities in WordPress plugins, one
way to protect yourself from an attack is to keep your plugins updated.
According to WordPress security blog Sucuri, the top 2 plugins currently being exploited are:
RevSlider (Version 4.2), and GravityForms (Version v1.8.20). Note that only older versions of these
plugins are being exploited, so if you have the latest versions installed you should be protected.
In addition, there have also been attacks reported against several other plugins, including FancyBox,
Wp Symposium, Mailpoet and others. Attackers are said to be exploiting anything they can get their
hands on, so the best course of action is to update everything.
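One way to check an installation against the versions named above, as an added example that is not from the FBI announcement or Sucuri. It reads each plugin's `Version:` header and compares it numerically. The directory names `revslider` and `gravityforms`, the rule that anything at or below the named version needs an update, and the sample plugin tree are all assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Versions the article names as exploited. Treating anything at or below them
# as needing an update is this example's assumption, as are the directory slugs.
NAMED = {"revslider": "4.2", "gravityforms": "1.8.20"}
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*v?(\d+(?:\.\d+)*)", re.M | re.I)

def key(version, width=4):
    """'1.8.20' -> (1, 8, 20, 0): numeric and zero-padded, so 4.2 == 4.2.0."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def installed_version(plugin_dir):
    """Read the Version header from the first 8 KB of the plugin's main file."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_bytes()[:8192].decode("utf-8", "replace")
        if "Plugin Name:" in head:
            match = VERSION_RE.search(head)
            return match.group(1) if match else None
    return None

def audit(plugins_dir):
    """Return {slug: (version, status)} for every plugin directory."""
    report = {}
    for d in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        version = installed_version(d)
        if version is None:
            status = "no-version-header"
        elif d.name in NAMED and key(version) <= key(NAMED[d.name]):
            status = "update-now"
        else:
            status = "check-for-updates"
        report[d.name] = (version, status)
    return report

def build_sample(root):
    """Constructed sample tree; the installed versions here are made up."""
    sample = {"revslider": "4.1.4", "gravityforms": "v1.9.5", "fancybox": None}
    for slug, version in sample.items():
        d = Path(root) / slug
        d.mkdir()
        header = "<?php\n/*\n * Plugin Name: %s\n" % slug
        if version:
            header += " * Version: %s\n" % version
        (d / (slug + ".php")).write_text(header + " */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for slug, (version, status) in audit(build_sample(tmp)).items():
            print(f"{slug:14} {version or '-':8} {status}")
```

On a real site, point `audit()` at the `wp-content/plugins` directory. Plugins outside the two named ones are reported as `check-for-updates` because the article's advice is to update everything.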
Matt Southern is the lead news writer at Search Engine Journal. His passion for helping people in all
aspects of online marketing flows through in the expert articles he contributes to many well
respected publications across the web. Contact him via his website if you'd like him to write for you.