WordPress-Grinch
What's Buzzing

The Grinch Who Hacked WordPress

30. 12. 2013

While most of us are spending the holidays relaxing, rejoicing and celebrating with our families, we sometimes forget that the hackers of the world are still hard at work looking for new ways to exploit technology and cause disruption on websites.  WordPress - one of the most widely used content management systems today - has seen the emergence of a new vulnerability over the last few months of 2013, which the hackers (or 'digital Grinches' if you will) have already taken advantage of.

If your website is built using WordPress, in the last 24 hours you may have noticed any of the following surprises being displayed on your website:

1. Broken section. 

The WordPress controlled areas of your website now have a strange message, a sort of signature of the group of people responsible:

hacked-screenshot

…not exactly the kind of news you would want your customers to see.

How to fix it.

Note that not all WordPress installations are the same.  These steps may be different depending on your version.

Login to WordPress and select Appearance -> Widgets, and start by opening up the item labeled 'Text' within the Main Sidebar area:

screenshot2

From there, click Delete to remove the hacker's widget.  You will be able to see the hacker's message before clicking delete.

Depending on how your WordPress site has been configured, you may need to add widgets for news categories and secondary navigation items back to the Main Sidebar area.

2. Hacked Title Tag.

The title of your website is meant to summarize the identity of your organization… this is another place where hackers can leave their mark:

Fortunately, this is really easy to fix... just go into Settings -> General and replace the hacker’s title with the correct one for your website.

3. Categories by Month.

Suddenly all of the categories may have been replaced with a new list of categories, consisting of a separate category for each month.

screenshot5

...not to mention the unwanted presence of a 'Log in' tab at the bottom.  Essentially this hack removes any widgets that were set-up in the Main Sidebar area, and shows the default WordPress widgets instead.  Assuming your website has used at least one non-default widget here, there is no one-size-fits-all solution to this problem.  Unless you have WordPress development experience, you will need the help of a WordPress developer to correct this, since it will depend on how your website was configured.

4. Strange Characters and Symbols.

Strange text objects can be seen throughout the website copy, and in some cases within the navigation titles:

screenshot4

To fix this, simply go into Settings -> Reading and change the entry under 'Encoding for pages and feeds' from UTF-7 to UTF-8:

screenshot6

With websites often acting as the face of an organization, its ability to exeunt confidence is of paramount importance.  Having a customer or prospect see your website hacked leaves a negative impression that can be difficult to reverse.  The issues arising from this particular WordPress vulnerability can be fixed with relative ease, however you may not always be available or able to spot these issues before they are seen by a significant number of website visitors.

Last but not least, update WordPress to the latest version 3.8 to protect yourself from any other currently know vulnerabilities.

Peace of Mind

So that you can rest assured that your WordPress site is minimally hindered from the effects of hackers, it pays to have a web development company watch over your website -  ensuring WordPress and other parts are updated on an ongoing basis.  Given that WordPress security is constantly being updated and improved, having a web developer not only monitor new updates, but implement them automatically and ensure the website works properly post-update can save significant time and money.  No to mention the lost opportunity cost of turning off a potential customer, this proactive safeguard may pay for itself many times over.

Add new comment

All fields required.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.