WordPress Version 4.7.2 was released January 26, 2017 and it fixes multiple newly discovered security vulnerabilities. People who have not upgraded may soon discover errors on their sites, which may include:

  • Hacked by White HAt Hacker
  • i am white Hat Hacker please update your wordpress
  • Hacked By Not Matter who am i i am white Hat Hacker please update your wordpress

Update February 9, 2017: Please see this article on how to fix this: How To Fix and Secure WordPress Websites Hacked February 2017.

A few quick Google searches show me that this hack I just discovered has already affected around 3,000 websites. It is a safe bet that within a few days tens of thousands more sites will likely show up hacked. Sucuri is calling this “MW:DEFACED:01?defacement.generic.157”.

To see the thousands of sites which are hacked, just punch this in to Google, with the quotes: “i am white Hat Hacker please update your wordpress”.

Here’s a screenshot for the lazy:

[Screenshot: hacked WordPress sites popping up in February 2017]

What the heck?

If this is the first time your WordPress website has been hacked, be thankful. WordPress is sort of like running the Windows operating system. It is great and all, but you have to back it up and run the updates. Additionally, the more plugins you have, the more exposed you are. WordPress is great as long as you follow these precautions and I highly recommend it.

At this time, I am unsure of how to fix the problem, but simply upgrading the site may repair it.

It seems that this was a “nice” hacker just doing you a favor. Then again, I hesitate to call this person a “hacker” as they are simply exploiting a known security vulnerability. Back in the day we called these people “script kiddies”. Even so, you may feel a bit violated, but he or she is helping you.

Have you been hacked?

If you aren’t sure, punch in your URL here for a free check: sitecheck.sucuri.net

If your site was hacked feel free to contact me. I work with a variety of security experts and can point you in the right direction depending on the severity of your WordPress woes.

Please also feel free to comment below and tell the world about your problems.

Len
7 Comments
  1. Hello Len,
    We have several websites of our customers that got hacked within the last days. How can I be sure that, if I update the infected websites and repair the manipulated content, the hacker did not get access to the usernames and passwords?
    Thanks for your help
    Catharina

    • Hi Catharina,

      I think in this case you are fine, it was just a ‘drive by’ and they injected some notices into your feed. I would run the update. I will email you as well as I would like to know if this fixes it.

      Also – in most attacks they get in through a hole, they usually do not have (or need) passwords.

      Thanks,
      Len

      • Hi Len,

        We ran the updates and reset the manipulated posts to the last revision. Only posts were hacked, no pages.

        We have had different hackers, not only the “white hacker”, but in every single case, there was a message on one or two posts.

        That was on Monday. Since then, we have not had any further problems.
        We have not changed our passwords… I really hope that this is not a remaining risk, because as we are an agency we have a lot of websites for our customers. It would probably take a day to change all the users for all the websites.

        Thanks for your help!
        Catharina

  2. I am getting a message on my WordPress pages which says “Hacked By Imam with Love”
