Major Redirection Hack Attack on WordPress Websites in August

Screen of a Hacked website

Hackers redirected WordPress sites to other pages

Sucuri reports that a major attack on WordPress websites took place during August. You can read the technical details on the Sucuri blog.

In this attack the hackers inserted scripts that redirected site visitors to random pages that contained a fake Google reCAPTCHA image. The visitors were encouraged to click the reCAPTCHA link to verify themselves and subscribe to browser notifications, although the types of notifications were not defined.

How was this attack carried out?

The attack was made possible through vulnerabilities in two WordPress elements:

  1. A vulnerability in themes by tagDiv
  2. A vulnerability in the Ultimate Member plugin

Both vulnerabilities were fixed a long time ago.

Outdated plugins and themes

The fact that more than 2,000 websites were hacked in this way illustrates why I am so fixated on keeping software up to date. Had the website owners done so, their sites would not have been hacked.

The 2 vulnerabilities I listed above were fixed long before this attack took place, but the website owners had simply failed to update the themes and plugins that were affected. So their sites were hacked.

Why they had not done the updates is anyone’s guess – it’s not difficult!

One possible reason for not updating a theme is where it has been customized. Updating a customized theme will cause the changes that were made to be over-written.

But that is the reason for the existence of child themes.

Making changes to the layout of a website in a child theme will ensure that any updates to the parent theme will not affect those changes, so there really is no excuse for not updating themes.

Keep your software up to date!

Since this is not an article on child themes I’m not going to talk more about those here.

Suffice to re-emphasise the importance of keeping all the software on your websites up to date.

If you have any questions or worries leave me a comment below.


Martin Malden

P.S. Is your WordPress website as secure as it could be? Take a look at the WordPress security products I have reviewed (I use all of them and I’d be happy to answer any questions you may have):