A report earlier this month revealed that an easily searched database of 1.4 billion password credentials has been leaked and made available in dark web communities. These passwords can be used to automate the search for admin-level server and CMS access to websites, regardless of platform. Earlier this month a Bitcoin subreddit was compromised. That hack shows that it doesn’t matter whether you’re using WordPress, Joomla, phpBB or even hand-coding your own CMS. If your password is weak or compromised, your site is at risk.
It didn’t take long for the attacks to begin. A massive brute force attack was reported by Wordfence on December 18th, peaking at 14 million attacks per hour.
Google Webmaster Help Offers Advice
Google’s Webmaster Help blog offered a timely tutorial on fixing hacked WordPress installations. Their comprehensive tutorial covers several common hacking types and offers practical advice for reversing a hack.
Google, however, left out one important fix. Hackers sometimes create an admin-level user, sometimes with FTP-level access. To completely clean your website, you should review your database to identify new users with escalated permission levels. An infection can be completely cleaned but still return if you don’t remove this hacker access point.
Another helpful tool for checking whether you’ve been hacked is a User Agent Switcher. This is a Chrome browser add-on that will disguise your browser to make it look like you are Googlebot. If your site is displaying hacked content to Google, the User Agent Switcher will help you discover it.
If your user agent switcher doesn’t come with Googlebot preinstalled, you can add it yourself by going into the options and filling out the information for the bot you want to be disguised as. You can find complete user agent information here.
Are All Sites Vulnerable to an Attack?
Because the passwords that were leaked aren’t specific to WordPress, it’s safe to assume that all sites will come under some kind of brute force attack to guess your password and gain access. The fact that not even Reddit is immune to these kinds of attacks is a reminder that all admin-level passwords must be secured.
How to Protect Against a Password-Based Hack
You may wish to improve your password. Make your password long, use numbers, use symbols, and use mixed-case letters (upper and lower case). Change not just your CMS/blog password; you may also wish to consider changing the passwords for your domain name registration, your hosting account and the emails associated with your hosting and domains.
Be especially vigilant during holiday weekends. Hackers know that customer service staff at some organizations are outsourced on weekends, which makes changing passwords by phone easier, since the outsourced staff might not always follow the same security procedures that the normal staff do.