What you need to know about WordPress and the MuhmadEmad Hack

According to, within the past 24 hours of the publish date of this article (February 10, 2017), there has been a 26% spike in defacement attacks against web sites driven by WordPress (see article). Reportedly, the attacks have successfully hacked the Utah Office of Tourism Industry, Ireland’s National Treasury Management Agency, Glenn Beck, Vanderbilt University and others. Furthermore, Wordfence reported a 50% spike in break-in attempts between Thanksgiving and Christmas.

Here are a few tidbits of information to help you protect your site against such malicious attacks.

What is Defacement?

Web site defacement is an attack on a web site that changes the appearance of the site. They can either change an item on a page, an entire page itself, or even replace the site with another.

How do hackers access a site?

Hackers access the site through a number of methods, including:

  • Finding a vulnerability in WordPress, which is what the MuhmadEdmad attack did
  • SQL Injections
  • Using software to attempt to identify your username and password for either a WordPress system or FTP username

What Harm Can a Hacker Do?

Frequently hackers break in and do things simply to prove their skill as hackers. Sometimes they can use your site to distribute viruses and malware. However, defacement impact your business as would-be customers will not have access to the content and/or functionality on your site.

How do I protect My Site Against An Attack

There are several easy things you can do to prevent an attack to your site, and no, you don’t have to be a developer to implement them.

  1. Update WordPress & Plugins
    Apparently, the MuhmadEmad hacker exploited a vulnerability in WordPress that has been fixed in WordPress’ 4.7.2 release.Also be sure to keep your plugins updated. Be sure to back up both your files and database prior to updating WordPress. You can easily accomplish this through a free plugin.
  2. Install a Security Plugin
    A security plugin such as Wordfence or Brute Force Login can help prevent intrusions into your site. The plugin will automatically block IP addresses that attempt to hack into your site. They can also block countries or people who attempt to use invalid usernames to get into your site. Some will even go so far as to look for malware that may have been placed on your site. 80-90% of the functionality you need will be available in free versions of these security plugins.
  3. Use Secure Passwords
    Not only should you make sure that you create secure passwords, but you should change them periodically. Secure passwords should be used on the FTP account for your hosting server, the user accounts for your WordPress web site, and your email accounts. Services such as Last Pass can maintain your passwords for you if you don’t want to have to try to remember all of the passwords for all of the web sites you visit or services you use.

Is it a Good Idea to Use WordPress?

WordPress is one of the most commonly used content management systems on the internet. It provides so many benefits to both developers and web site owners, that it is a great platform to use for your site. However, its sheer volume of installations make it a target for dishonest and unscrupulous individuals and groups. Provided that you take the necessary security precautions as listed above, your site will be protected and secure.

What Do I Do If My Site Has Been Hacked?

If your site has been hacked, there are a few things you can do to get it back.

  1. Immediately change your passwords
    Change all of your passwords to any account that has access to your site. That includes the admin users to your web site, your FTP account on the hosting server, and your control panel access on the hosting server.
  2. Restore the site from a backup.
    You should be regularly backing up your web site. If it has been hacked, you can restore a back up of your web site from prior to the hack.
  3. Run a malware scan
    There are many free plugins that can run a scan of your web site to look for any malware and/or obfuscated code. Some of them will even identify files that hackers place and coyly attempt to make look like system files.

If none of those options work, it may be time to call for more help. Give us a call at 801.649.4057 and we’ll point you in the right direction.