WordPress and the Dark Side of Defacements

August 24, 2016 in Website Security

A special thank you to Yvonne Conway-Williams for her time and participation in the interview for this article.

At a recent WordCamp, I met Yvonne Conway-Williams, a social media marketing expert and front-end web developer. She approached our sponsor booth inquiring about website security. That’s when she said; “I wish I had found SiteLock two years earlier.” Struck by the comment, I asked her what had happened. Conway-Williams shared that on January 30, 2015, she and her husband returned home from a long day to find her client’s website, a local car club, defaced. Instead of her client’s homepage, the website featured a front page promoting and recruiting for ISIS, the terrorist organization.

Defacement occurs when a legitimate website is replaced with a hacker’s site. ISIS defacements often consist of a series of photos and pro-ISIS, anti-America rhetoric. Within a few hours of discovering the defacement, Conway-Williams was on the phone with the FBI. “It was very disconcerting how easy it was for them to access everything. The defacement was so easy,” she said.

A Developing Pattern

Unfortunately, this developer’s situation is not an uncommon one. Googling “ISIS website defacement” brings up a string of articles. Over the last two years, pro-ISIS hackers and hacking groups have defaced hundreds of websites. Recently, a hacking group by the name “Team System DZ” defaced multiple Wisconsin government websites, replacing the sheriff’s website and Richland County Government pages with ISIS propaganda.

Screen Shot 2016-08-09 at 10.22.25 AM

Photo from kevin.borgolte.me

For Conway-Williams, the defaced website was not an eCommerce or large business website, in fact, the website owners did not even know about the defacement until Conway-Williams contacted them. The website was a local car club running on the WordPress platform. To fix the problem, she took her client’s website completely offline and moved the content to a new host. The entire ordeal took over 24 hours to solve and, “It injured my business,” said Conway-Williams.

Why WordPress? Why My Website?

Regardless of whether your website is a personal blog, a small eCommerce site, or a corporate business, you are at risk of a cyber attack. However, you may not be at risk for the reasons you think. The content of your website, number of visitors, or whether you accept payment may not be a factor. WordPress remains the largest CMS and holds a large market share of the internet. When vulnerabilities are discovered within WordPress, they affect hundreds of thousands of users, making them the perfect target for ISIS hackers spreading propaganda. According to author Nimrod Luria in a recent Infosec Island article, “The (hacked) sites appear to have one thing in common: they are all built on the WordPress content management platform.” So, your website may be a target because you share a common denominator with thousands of other websites: you run on WordPress.

What Can I Do to Protect Myself From Defacements?

There are ways to protect your website from similar defacements. Here are a few simple, but crucial steps that help keep your website secure:

  1. Make sure your website is backed up. If your site is defaced, simply upload the back-up to your website.
  2. Stay current with all WordPress plugin and software updates. Hackers succeed by identifying and exploiting vulnerabilities in old versions of software or plugins.
  3. Use a malware scanner and web application firewall (WAF). The scanner will identify and alert you to whether there is any existing malware on your website. Once identified, the malware is removed. Install a WAF to protect your website from any future cyber attacks or malicious attempts.

Being a part of the WordPress community is a wonderful thing. But, when widespread issues such as defacements arise, it is important to know how to keep your website and your hard work protected!

Latest Articles
Follow SiteLock