FBI Issues PSA: ISIL Defacements Exploiting WordPress Vulnerabilities by @mattsouthern



The Federal Bureau of Investigation (FBI) has issued a public service announcement about continuous website defacements occurring as a result of a vulnerability in the WordPress content management system.

The FBI reports these defacements are being carried out by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS).

"The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites."

Only websites running on the WordPress content management system are vulnerable to these particular exploits. Since the attackers are using "relatively unsophisticated" methods to gain access to WordPress sites, the defacements are apparently easy to fix, but can certainly cause a disruption to business operations.

Although easy to fix, it is a serious issue because the vulnerability could result in an attacker taking full control over a website.

If your website has been targeted, the FBI recommends taking the following actions:

Review and follow WordPress guidelines:

Identify WordPress vulnerabilities using free available tools such as

Update WordPress by patching vulnerable plugins:

Run all software as a non-privileged user, without administrative privileges, to diminish the effects of a successful attack

Confirm that the operating system and all applications are running the most updated versions

Since websites being attacked are compromised through vulnerabilities in WordPress plugins, one way to protect yourself from an attack is to keep your plugins updated.

According to WordPress security blog Sucuri, the top 2 plugins currently being exploited are:

RevSlider (Version 4.2), and GravityForms (Version v1.8.20). Note that only older versions of these plugins are being exploited, so if you have the latest versions installed you should be protected.

In addition, there have also been attacks reported against several other plugins, including FancyBox, Wp Symposium, Mailpoet and others. Attackers are said to be exploiting anything they can get their hands on, so the best course of action is to update everything.

Matt Southern is the lead news writer at Search Engine Journal. His passion for helping people in all aspects of online marketing flows through in the expert articles he contributes to many well-respected publications across the web. Contact him via his website if you'd like him to write for you.
