WordPress Server is Hacked - Follow These Steps to Secure Your Website


On the morning of Tuesday, Feb 7th, WordPress, the blog sharing website, announced that it had been hacked.

The hacker is a known perpetrator identifying as “MuhmadEmad” who has previously targeted a number of high-profile websites. Several hundred Irish websites fell victim to his WordPress cyber attack. The websites include Irish Distillers, advertising agency JCDecaux, the Federation of Irish Sport, schools across Dublin and Donegal, and a modelling agency.

What did he do after hacking the websites?

Having gained access to these websites, the hacker then posted a signature message in support of Kurdish anti-ISIS forces[1]. It is anticipated that many more Irish websites are vulnerable now.

How Was the Vulnerability Identified?

In January 2017, WordPress, reported to have 59.4% of the worldwide market share in website content management, issued an advisory note disclosing multiple vulnerabilities identified in WordPress V4.7.1 and earlier versions.

Steps to Secure Your Website

On January 26th, 2017, the company released a patch, V4.7.2, to address these vulnerabilities, advising all customers to update their WordPress websites immediately. The following vulnerabilities were reported to WordPress from various sources; additional details may be found on the official WordPress advisory note here:

Avoid Third Party WordPress Plugins

The user interface for assigning taxonomy terms is shown to users who do not have the correct permissions. WP_Query is vulnerable to SQL injection (SQLi) when it is passed unsafe data. While WordPress Core is not directly vulnerable to this issue, some plugins and themes may introduce the vulnerability to the website. A cross-site scripting (XSS) vulnerability was identified in the posts list table.

However, WordPress delayed disclosing an additional website vulnerability until February 1st to allow users running automatic updates time to patch their WordPress versions to 4.7.2, thereby reducing the scope of potential targets for any would-be attackers. As is clear from this attack, this unauthenticated privilege escalation vulnerability, which was identified in a REST API endpoint,[2] has now been exploited in the wild.


It is strongly recommended that all WordPress customers immediately review their websites for vulnerability to the above-listed exploits and patch to v4.7.2 as soon as possible.
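
One way to carry out that review on a server hosting several sites, as an added example that is not from the original article or from WordPress: the Python script below walks a web root, reads `$wp_version` from each install's `wp-includes/version.php`, and flags any core older than 4.7.2. The `scan` and `demo` helpers and the sample sites are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (4, 7, 2)  # fixed release named in the article
# Core stores its version in wp-includes/version.php, e.g.  $wp_version = '4.7.1';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"](\d[^'"]*)['"]\s*;""", re.M)


def version_tuple(version):
    """'4.7' -> (4, 7, 0), '4.7.2-RC1' -> (4, 7, 2); any suffix is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def scan(web_root):
    """Return [(install_dir, version, status)] for each WordPress core under web_root."""
    results = []
    for vfile in sorted(Path(web_root).rglob("version.php")):
        if vfile.parent.name != "wp-includes":
            continue  # only the core file counts; other version.php files are ignored
        m = VERSION_RE.search(vfile.read_text(errors="replace"))
        install = str(vfile.parent.parent.relative_to(web_root))
        if not m:
            results.append((install, None, "UNKNOWN"))  # no parsable version: check by hand
        elif version_tuple(m.group(1)) < PATCHED:
            results.append((install, m.group(1), "UPDATE"))
        else:
            results.append((install, m.group(1), "OK"))
    return results


def demo():
    """Build a constructed web root with three installs and scan it."""
    samples = {  # constructed sample data, not taken from real sites
        "blog": "<?php\n$wp_version = '4.7.1';\n",
        "shop": "<?php\n$wp_version = '4.7.2';\n",
        "old/site": "<?php\n$wp_version = \"4.6\";\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            inc = Path(root, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(body)
        return scan(root)


if __name__ == "__main__":
    for install, version, status in demo():
        print(f"{status:8} {version or '?':10} {install}")
```

To check a real server, call `scan()` with the directory that holds your sites; an `UNKNOWN` result means the version file could not be parsed and the install should be inspected manually.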

Details on how to upgrade WordPress are available on the advisory notice issued by the company. If you suspect that your website is vulnerable to attack, we recommend that you carry out a pen test as soon as possible.
