Your DIY Guide to Hacked WordPress Repair

Your Guide to Hacked WordPress Repair

If you run a website, you have to be prepared for the reality that it could be hacked at some point. Dealing with a hacked website can be stressful, and when it’s a WordPress site specifically, it can be even more frustrating because repairs won’t be the same as they would for a standard website.

Fortunately, this guide will help you learn the basics of hacked WordPress repair, including what you can do and when to call for help.

Hacking Can Cause All Kinds of Damage
If your WordPress website (or any other site, for that matter) is hacked, it can affect a lot of different things. If you run an e-commerce business or have customer payment information on file, you could expose them to security risks. You can lose your rankings in search engines, and even be blacklisted if the infection is serious enough.

Being hacked can expose visitors to viruses and malware, cause you to lose site data, and even ruin your reputation due to the security breaches or by the virus redirects to bad websites. It’s bad news in a lot of ways, but there is something you can do.

How to Repair Your Hacked WordPress Site

Step One: Find the hack and its source. Check to see if you can log in to the admin panel or if there are links popping up that you didn’t put on the site. Maybe you realized there was a problem because of malware redirects or that Google started flagging your site as unsafe. Either way, you have to find the source.

Step Two: Change your passwords immediately. If you can, put your site into maintenance mode so that it’s not continuing to cause damage. You may be able to restore your site from a backup, but you could risk losing fresh content so you’ll have to consider this in your decision.

Step Three: If you use hosting services, check to make sure they didn’t have a breach that’s bigger than your own WordPress site. They may have more information about what happened or how to fix it. In some cases, they might even clean up the mess for you.

Step Four: Find and remove the malware, bad code, or other infection. With WordPress, you’ll often find backdoors for hackers hiding in inactive plugins and themes. Delete any of these to ensure they’re not the problem. You can use any number of free plugins to do security audits and help with hacked WordPress repair.

Protect Yourself for the Future

If you don’t already, invest in a reputable WordPress hosting service. If the budget allows, consider using managed hosting services for the best security and hacking prevention. Also, make sure that you have a backup option for your website so that you can back everything up before you begin the repair process.

While you might be able to manage most of the process, you should really call in the professionals for hacked WordPress repair. Hacking repair specialists will ensure that you get the results that you deserve and that your WordPress site is better protected against future threats.

Need an expert to repair your website? Contact us today by calling (833) SITE-FIX.

Resources
https://www.tripwire.com/state-of-security/security-awareness/fix-hacked-wordpress-site/
https://www.wpbeginner.com/beginners-guide/beginners-step-step-guide-fixing-hacked-wordpress-site/

OpenCart v3.0.3.2 Multiple Open Source Dependency Vulnerabilities

/work/OSD/repo/upload/admin/view/javascript/ckeditor/ckeditor.js
↳ ckeditor 4.9.1 has known vulnerabilities: severity: medium; summary: XSS if the enhanced image plugin is installed; https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/ https://ckeditor.com/cke4/release-notes severity: medium; summary: XSS vulnerability in the HTML parser; https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/ https://snyk.io/vuln/SNYK-JS-CKEDITOR-72618
/work/OSD/repo/upload/admin/view/javascript/jquery/jquery-3.3.1.min.js


↳ jquery 3.3.1 has known vulnerabilities: severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
/work/OSD/repo/upload/catalog/view/javascript/jquery/jquery-3.3.1.min.js


↳ jquery 3.3.1 has known vulnerabilities: severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
/work/OSD/repo/upload/install/view/javascript/jquery/jquery-2.1.1.min.js


↳ jquery 2.1.1 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b


/work/OSD/repo/upload/admin/view/javascript/jquery/datetimepicker/bootstrap.min.js
↳ bootstrap 3.3.5 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of tooltip/popover, CVE: CVE-2019-8331; https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in data-container property of tooltip, CVE: CVE-2018-14042; https://github.com/twbs/bootstrap/issues/20184
/work/OSD/repo/upload/admin/view/javascript/jquery/flot/jquery.js


↳ jquery 1.8.3 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
/work/OSD/repo/upload/admin/view/javascript/jquery/flot/jquery.min.js


↳ jquery 1.8.3 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
/work/OSD/repo/upload/admin/view/javascript/jquery/jquery-ui/jquery-ui.js


↳ jquery-ui-dialog 1.11.4 has known vulnerabilities: severity: high; CVE: CVE-2016-7103, bug: 281, summary: XSS Vulnerability on closeText option; https://github.com/jquery/api.jqueryui.com/issues/281 https://nvd.nist.gov/vuln/detail/CVE-2016-7103 https://snyk.io/vuln/npm:jquery-ui:20160721


↳ jquery-ui-autocomplete 1.11.4
↳ jquery-ui-tooltip 1.11.4
/work/OSD/repo/upload/admin/view/javascript/jquery/jquery-ui/jquery-ui.min.js
↳ jquery-ui-dialog 1.11.4 has known vulnerabilities: severity: high; CVE: CVE-2016-7103, bug: 281, summary: XSS Vulnerability on closeText option; https://github.com/jquery/api.jqueryui.com/issues/281 https://nvd.nist.gov/vuln/detail/CVE-2016-7103 https://snyk.io/vuln/npm:jquery-ui:20160721


↳ jquery-ui-autocomplete 1.11.4
/work/OSD/repo/upload/catalog/view/javascript/jquery/datetimepicker/bootstrap.min.js
↳ bootstrap 3.3.5 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of tooltip/popover, CVE: CVE-2019-8331; https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in data-container property of tooltip, CVE: CVE-2018-14042; https://github.com/twbs/bootstrap/issues/20184

/work/OSD/repo/upload/install/view/javascript/bootstrap/js/bootstrap.js
↳ bootstrap 3.0.1 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of tooltip/popover, CVE: CVE-2019-8331; https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in data-container property of tooltip, CVE: CVE-2018-14042; https://github.com/twbs/bootstrap/issues/20184


/work/OSD/repo/upload/install/view/javascript/bootstrap/js/bootstrap.min.js
↳ bootstrap 3.0.1 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of tooltip/popover, CVE: CVE-2019-8331; https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in data-container property of tooltip, CVE: CVE-2018-14042; https://github.com/twbs/bootstrap/issues/20184

/work/OSD/repo/upload/admin/view/javascript/jquery/jquery-ui/external/jquery/jquery.js
↳ jquery 1.10.2 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

Laravel 5.8.10 Open Source Dependency Vulnerability

Located in /public/js/app.js

↳ jquery 3.3.1 has known vulnerabilities: severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

RetireJS Vulnerabilities Identified With RetireJS

I decided to scan RetireJS using its own codebase, and discovered the following issues in RetireJS:

/home/omi/clients/retire/firefox/test/web/dojo.js
↳ dojo 1.4.2 has known vulnerabilities: severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released

/home/omi/clients/retire/firefox/test/web/retire-example-0.0.1.js
↳ retire-example 0.0.1 has known vulnerabilities: severity: low; CVE: CVE-XXXX-XXXX, bug: 1234, summary: bug summary; http://github.com/eoftedal/retire.js/

/home/omi/clients/retire/firefox/test/web/retire-example.js
↳ retire-example 0.0.1 has known vulnerabilities: severity: low; CVE: CVE-XXXX-XXXX, bug: 1234, summary: bug summary; http://github.com/eoftedal/retire.js/

/home/omi/clients/retire/node/spec/tests/contentscan.spec.js
↳ jquery 1.8.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

The Art of Responding to Advisories, Responsible Patching, and Transparency with Users

Recently, I communicated 3 serious security vulnerabilities that affected major a Java-based CMS that powers.

I sent a message via e-mail, and they quickly released a “hot fix” that was merely hiding the vulnerable files behind their authentication system.

The reason this is not an effective way to protect your digital applications is because an authenticated user is the highest-profile target in a digital attack. If someone were to exploit these vulnerabilities, it would most likely be through a spear-phishing scheme.

What was most surprising was that none of these 3 security vulnerabilities were addressed in their change log, and the most recent post that stated “vulnerability” was a full major version ago.

So, what does a security researcher do at this point?

Let’s try getting them on the phone and scheduling a time to work through proper remediation.