WordPress 4.7.1 Vulnerability Hacked By SA3D HaCk3

Recently one of my clients had two of their WordPress websites hacked. The main evidence was two posts added to the blogs, titled either ‘Hacked By SA3D HaCk3’ or ‘Hacked by Xurupitas Farm’.

After doing my research on Google I found that the reason was a vulnerability in the 4.7.1 release of WordPress. So users who failed to upgrade from 4.7.1 to 4.7.2 suffered from the vulnerability in WP_Query. Although the WordPress core is not endangered, some themes and plugins could be susceptible to a SQL injection (SQLi) when passing unsafe data. This issue was fixed in version 4.7.2.

What Did the Hackers Add to the Blogs

After deleting the injected posts, I looked into the WordPress databases for more clues and did find some revisions of the aforementioned posts, but nothing else.

Then I checked the websites with two free online malware scanners. I used Sucuri and Quttera to double-check the blogs for viruses. Neither of them found anything suspicious.

The moral of this story for me is to draw our customers' attention to the need to update core software and plugins regularly. Additionally, automatic background updates are very useful in promoting better security. One approach is to add a statement enabling core upgrades to the WordPress config file, wp-config.php.

Configuration of wp-config.php

Using wp-config.php, one can completely disable WordPress automatic updates

define( 'AUTOMATIC_UPDATER_DISABLED', true );

or fine-tune the way core will update in future.

define( 'WP_AUTO_UPDATE_CORE', true );

The above statement accepts three values:
true: the core will always update, including major upgrades
false: the core will never update
'minor': only minor updates will be applied
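
As an added example (not from the original post), this Python audit script reads the text of a wp-config.php and reports the effective core auto-update policy from the two constants above. The function names, return labels and sample config are constructed for illustration, and it assumes the constants are set with literal define() calls.

```python
import re

# Matches define( 'NAME', value ); with a literal (non-expression) value.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]+?)\s*\)\s*;""",
    re.IGNORECASE,
)

def strip_comments(php: str) -> str:
    """Drop /* */ blocks and whole-line // or # comments so that
    commented-out defines are not mistaken for active settings."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.DOTALL)
    return re.sub(r"(?m)^\s*(//|#).*$", "", php)

def parse_value(raw: str):
    raw = raw.strip()
    if raw.lower() in ("true", "false"):
        return raw.lower() == "true"
    return raw.strip("'\"").lower()

def core_update_policy(php: str) -> str:
    consts = {}
    for m in DEFINE_RE.finditer(strip_comments(php)):
        # PHP keeps the first define() of a constant; later ones are ignored.
        consts.setdefault(m["name"], parse_value(m["value"]))
    # AUTOMATIC_UPDATER_DISABLED turns off all automatic updates, so it wins.
    if consts.get("AUTOMATIC_UPDATER_DISABLED") is True:
        return "disabled"
    setting = consts.get("WP_AUTO_UPDATE_CORE")
    if setting is None:
        return "default"  # constant not set: WordPress' built-in behaviour applies
    if setting is True:
        return "all"
    if setting is False:
        return "disabled"
    return "minor-only" if setting == "minor" else f"unknown:{setting}"

# Constructed sample config: the permissive setting is commented out.
SAMPLE = """<?php
define( 'DB_NAME', 'wp' );
// define( 'WP_AUTO_UPDATE_CORE', true );
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
"""

if __name__ == "__main__":
    print(core_update_policy(SAMPLE))
```

A result of "disabled" is the one to follow up on, since that site will not pick up a security release on its own.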

Diana D has written 19 articles

One thought on “WordPress 4.7.1 Vulnerability Hacked By SA3D HaCk3”

  1. page content says:

    Excellent blog here! Additionally, your site loads up fast!

    What web host are you using? Can I get your affiliate
    link for your host? I want my web site to load up as fast as yours lol
