Are you tired of the battle against the hacks? Here are our thoughts on the latest situation with WordPress websites.
If you are at all related to the web world, you will inevitably come in contact with WordPress. It's the beautifully designed, easy-to-use content management system that is our favorite here at AndiSites. According to W3Techs, WordPress is now estimated to be used in 58.9% of content management system websites, and in 25.7% of all websites!
Because WordPress is the most popular CMS, it is an attractive target, and attackers go after low-quality implementations such as weak installations and unsupported versions. That is why it is important that your WordPress website is developed and supported by skilled professionals, and that core security and plugin updates are applied regularly.
The most recent vulnerability we discovered
A new client of ours sought help from AndiSites because they were seeing errors and experiencing problems with their site.
The vulnerability that we discovered was likely installed via a Gravity Forms plugin. It hadn’t been updated to the latest version. We have heard of past hackers gaining access through Gravity Forms. Thankfully the folks at Rocketgenius (the plugin’s provider) address those vulnerabilities the moment they find them. Gravity Forms is included in many websites since it is a powerful, highly customizable form builder plugin. It not only collects information but also integrates with lots of third-party database services. Unfortunately, some websites do not keep up with the latest security updates and put themselves at potential risk of getting hacked.
The actual code
Most importantly, you can't just search your installation for the reference, because the attackers don't write it out directly in the code. They assemble it with a PHP string replace function instead. In this case, they used “j..q..e..u..r..y…o..r..g” as part of the string, and then removed the dots with string replace.
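One way to search for this kind of padded string, as an added example that is not part of the original post or the code found on the client's site: it walks the string literals in PHP source and flags any that spell a watched indicator with filler characters between the letters. The function names, the `min_filler` threshold and the placeholder indicator `example.invalid` are assumptions made for illustration.

```python
import re

# Single- or double-quoted PHP string literals, tolerating backslash escapes.
PHP_STRING = re.compile(r"'((?:\\.|[^'\\])*)'" r'|"((?:\\.|[^"\\])*)"', re.S)


def padded_pattern(indicator):
    """Regex matching the indicator's letters/digits with any filler between them."""
    chars = [c for c in indicator.lower() if c.isalnum()]
    return re.compile(r"[\W_]*".join(map(re.escape, chars)), re.I), len(chars)


def find_padded_indicators(php_source, indicators, min_filler=0.5):
    """Return (line, literal, indicator) for literals that spell an indicator
    with at least min_filler filler characters per real character.
    Only punctuation-style filler (dots, dashes, spaces) is covered."""
    hits = []
    for indicator in indicators:
        pattern, size = padded_pattern(indicator)
        for lit in PHP_STRING.finditer(php_source):
            text = lit.group(1) if lit.group(1) is not None else lit.group(2)
            m = pattern.search(text)
            # A plain "example.invalid" has one filler character and is skipped;
            # heavy padding is what a text search for the indicator misses.
            if m and (len(m.group(0)) - size) >= min_filler * size:
                line = php_source.count("\n", 0, lit.start()) + 1
                hits.append((line, text, indicator))
    return hits


# Constructed sample file content (not the code from the compromised site).
SAMPLE_PHP = """<?php
$cdn = 'https://cdn.example.invalid/lib.js';
$u = str_replace('.', '', 'e..x..a..m..p..l..e...i..n..v..a..l..i..d');
$title = "Contact form";
"""

if __name__ == "__main__":
    for line, literal, indicator in find_padded_indicators(SAMPLE_PHP, ["example.invalid"]):
        print(f"line {line}: {literal!r} hides {indicator!r}")
```

Run it over the theme, plugin and uploads directories with the indicators from your own incident; a hit is a lead for manual review, not proof of compromise.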
The Moral of the Story
I don’t want to remind you again about the importance of a support plan with a reputable WordPress agency. But I do want to encourage you to make the security of your website a priority.
Security is a vital part of every website. At AndiSites we build security into every website we do and provide support plans that give you peace of mind post-launch.