WordPress Version 4.7.2 was released January 26, 2017 and it fixes multiple newly discovered security vulnerabilities. People who have not upgraded may soon discover:
- Hacked error messages in Google search results
- Hacked Error message in Google Search Console
- Hacked content errors in search console
- Or they may discover weird hacked messages when sharing a recent post to Facebook or Twitter.
Errors people will soon discover may include:
- Hacked by White HAt Hacker
- i am white Hat Hacker please update your wordpress
- Hacked By Not Matter who am i i am white Hat Hacker please update your wordpress
Update February 9, 2017: Please see this article on how to fix this: How To Fix and Secure WordPress Websites Hacked February 2017.
A few quick Google searches show me that this hack I just discovered has already affected around 3,000 websites. It is a safe bet that within a few days tens of thousands more sites will likely show up hacked. Securi is calling this “MW:DEFACED:01?defacement.generic.157”.
To see the thousands of sites which are hacked, just punch this in to Google, with the quotes: “i am white Hat Hacker please update your wordpress”.
Here’s a screenshot for the lazy:
What the heck?
If this is the first time having your WordPress website hacked, be thankful. WordPress is sort of like running the Windows operating system. Is is great and all but you have to back it up and run the updates. Additionally, the more plugins you have, the more exposed you are. WordPress is great as long as you follow these precautions and I highly recommend it.
At this time, I am unsure of how to fix the problem, but simply upgrading the site may repair it.
It seems that this was a “nice” hacker just doing you a favor. Then again, I hesitate to call this person a “hacker” as they are simply exploiting a known security vulnerability. Back in the day we called these people “script kiddies”. Even so, you may feel a bit violated, but he or she is helping you.
Have you been hacked?
If you aren’t sure, punch in your URL here for a free check: sitecheck.sucuri.net
If your site was hacked feel free to contact me. I work with a variety of security experts and can point you in the right direction depending on the severity of your WordPress woes.
Please also feel free to comment below and tell the world about your problems.