Plugin Vulnerabilities: Zero-Day Exploit Hits WordPress Fashion Blogger

January 30, 2020

The desks were filled in the SiteLock Security and Research departments. Our security analysts were furiously working to manually clean malware from a number of WordPress sites. As each site was cleaned, a trend began to emerge. Sites built with WordPress were experiencing a malicious redirect that originated in the Yuzo Related Posts plugin due to a Cross-Site Scripting (XSS) vulnerability. Our security analysts recognized they were cleaning the same malware strain found in the Yuzo zero-day exploit.

Lydia Swanson, fashion blogger and owner of ChicandModish.com, was just one of many website owners experiencing this issue. In Swanson’s case, the attack not only impacted revenue but also put the future of her brand at risk.

Discovering the Malicious Redirect

Swanson had just given birth to her third child and was finally getting back into the swing of running her blog. After having taken a short maternity leave, the fashion blogger wanted to ensure her site was in tip-top shape as she got to work on her most recent sponsorship. “I like to check [my website] from time to time to ensure everything is working properly,” Swanson explained, “because you hear about bloggers getting hacked all the time.”

However, instead of viewing a modern home page with beautiful images of her most recent outfits, Swanson was redirected to a site she didn’t recognize. Assuming it was a one-time error, she typed her domain name into other browsers and devices, hoping the Chicandmodish.com she’d spent years building was going to pop up. To her dismay, no matter how many times she tried, Swanson continued to be redirected to site after site she didn’t recognize. “My heart sank, and I was faced with exactly what I was afraid of, my site had been hacked,” Swanson said.

Finding Help in the Midst of an Attack

“I was not able to do much to fix it myself, it was already too late. I had lost full control,” Swanson said.

In a panic, she called her hosting provider, who quickly transferred her to their website security partner, SiteLock. “Someone answered right away,” Swanson described, “and I was happy to hear a friendly voice on the other end and not some automated machine.” After she told her story to the SiteLock cybersecurity consultant, he explained that Swanson was most likely another victim of the Yuzo Zero-Day Exploit.

A Personalized Cybersecurity Solution

Based on her site and unique needs, Swanson was recommended the SiteLock SecureGrowth cybersecurity package, which is designed exclusively for informational sites with light lead generation activity like Chicandmodish.com. Featuring premium scanning technology that proactively identifies and automatically removes malware and other security threats, a premium web application firewall (WAF) to help protect against bad bots and traffic, as well as manual removal of existing malware, SecureGrowth was the perfect solution for Swanson. With SecureGrowth in place, Swanson has confidence in knowing her website is protected and she has the freedom to focus on her business.

SecureGrowth Includes:

Premium (WAF) Firewall:

  • Content Delivery Network (CDN) — increasing site speed by an average of 50 percent.
  • Advanced Content Caching — ensuring content loads almost immediately.
  • Blocks Malicious Traffic — allowing only legitimate visitors through to the site.
  • Threat Blocking — preventing top threats (like the one Swanson was hit with) from ever entering the site.

Premium Scanner:

  • SMART – the most robust scanner in the industry, finding and automatically removing malware from website files*.
  • Vulnerability Alerts – informing the website owner of any vulnerabilities found in website files and patching vulnerabilities found in outdated CMS core files, plugins, and ecommerce platforms.
  • Weekly Reports – keeping the site owner abreast of any discoveries made during daily scans.

Expert Services:

  • Manual Clean – our top tier security analysts manually locate and clean active infections and alert the website owner on how to prevent the infection from recurring.


“One little plugin was able to cause so much damage.”

It would only take a few hours for ChicandModish.com to be fully protected with SecureGrowth and have all malware manually cleaned from the site. “I was so anxious that I called back several times to check on the progress, and SiteLock was very friendly in keeping me up to date on the process,” Swanson explained.

While the scanner and WAF were being set up, SiteLock security analysts were hard at work searching for the cause of the malicious redirect and cleaning it from the site. Once the infected plugin was identified, SiteLock security experts cleaned the site, renamed the plugin to prevent it from running, and emailed Swanson advising her to remove the plugin from her site to prevent re-infection.

As a result of the attack, Swanson saw a noticeable decline in her monthly revenue, which she largely attributes to broken affiliate links and lost sales she would have received through organic search engine traffic. The cyberattack also put Swanson’s active and upcoming partnerships at risk as brands do not want to associate themselves with hacked sites.

The Impacts of Cybersecurity

Since implementing a comprehensive cybersecurity solution, Swanson has not experienced another hack. In fact, she says that her visitors are actually happier when visiting ChicandModish.com due to the faster load time, courtesy of her SiteLock content delivery network (CDN).

Outside of tangible improvements, Swanson says her SiteLock services have given her peace of mind. “Knowing that the brands that I work with won’t need to worry about these issues is huge for me.”

With security no longer a worry for Swanson, she now focuses on supporting her growing family through content creation for her blog, increasing site traffic, and developing new relationships with brands across the globe. Whenever Swanson wants to check on the security of her website, she reviews the weekly summary, logs into her SiteLock dashboard for comprehensive reports, or calls SiteLock Customer Success with specific questions.

Since her website was attacked, Swanson now practices excellent security habits; she updates her passwords routinely and ensures all plugins and CMS updates are completed upon release.

As for other fashion bloggers? “My advice is to get your website secured, stat!” Swanson says.
