2.13.1.1.11. Popular plugin vulnerabilities

In February-March 2020, vulnerabilities were found in very popular plugins:

  • Duplicator: the vulnerability found allows downloading the configuration file or any other file of the site, which in turn can give almost complete access to managing and modifying the site.
  • Popup Builder: the vulnerability found allows an unauthorized user to execute arbitrary JavaScript code on any page of the site, and allows authorized users with any access level to export important site data and to gain control of the plugin itself.

There are also many other plugins in which vulnerabilities have been found. We recommend checking the security of your site by checking the themes and plugins you use for known vulnerabilities. We also strongly recommend against using third-party builds or copies of paid extensions.

Information about the vulnerabilities found in plugins can be found, for example, on the following sites:

  • WordPress Vulnerabilities: vulnerabilities found in WordPress plugins and themes.
  • WordFence: vulnerabilities found in the WordPress CMS and related products.
  • CVE: vulnerabilities found in the WordPress CMS and related products.

At the moment, the most common consequence of a hack is the installation of a redirect to third-party sites. If you use the plugins listed above, or you suspect that your site may have been hacked, we recommend that you follow the steps below to eliminate the vulnerabilities.

To eliminate the problems that have arisen, we strongly recommend following these steps:

  1. Temporarily block access to the site while you perform the troubleshooting steps:
    • If you have no additional settings in the "Access limitation" section, allow access only from your own (or the desired) IP addresses by enabling the "Deny access to the site for everyone, open access only to the following IPs" option and specifying your IP address in the "List of IP addresses" field.
    • If you have previously configured access settings in the "Access limitation" section, restrict access in .htaccess instead, specifying your IP address so that only access from it is allowed.
  2. Create a backup copy of the site and database in their current state, in case problems arise while restoring the site.
  3. Reinstall the WordPress core.
  4. Change the site URL if it was affected and a redirect to third-party sites is occurring.
  5. Update the plugins on the site to the latest version.
  6. Change the administrator password. We also recommend changing the passwords of all users, or asking them to do so themselves.
  7. Change the passwords of the connected database and FTP users:
    • Change the database user password and update it in the WordPress configuration file.
    • Change the FTP user passwords and update them wherever they have been used on the site.
  8. Remove the access restriction on the site, depending on the method chosen in step 1.
  9. Analyze the access logs for suspicious requests. In the search box, enter action=duplicator_download or wp-config.php and check the logs for the last few weeks or months. If such requests are found, consider restricting access for the IP addresses from which they were made.
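As an added example (not part of this article or of the hosting panel's own tools), the log check in step 9 expressed as a small Python scanner: it parses access-log lines in the common Apache/nginx "combined" format, URL-decodes the request path before matching so that percent-encoded variants are not missed, and counts suspicious requests per client IP as candidates for the IP restriction mentioned in step 9. The log lines embedded in it are constructed sample data using documentation IP ranges.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Indicators named in step 9; matched as substrings after URL-decoding.
INDICATORS = ("action=duplicator_download", "wp-config.php")

# Apache/nginx "combined" format: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def scan_access_log(text: str):
    """Return (hits, per_ip): hits is a list of suspicious entries,
    per_ip counts suspicious requests per client IP."""
    hits = []
    per_ip = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected format, skip it
        # Decode %XX sequences and lower-case so encoded/cased variants still match.
        path = unquote(m.group("path")).lower()
        matched = [ind for ind in INDICATORS if ind in path]
        if matched:
            hits.append({"ip": m.group("ip"), "time": m.group("time"),
                         "path": path, "status": int(m.group("status")),
                         "indicators": matched})
            per_ip[m.group("ip")] += 1
    return hits, per_ip

# Constructed sample log (not real traffic); 203.0.113.x etc. are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Mar/2020:10:14:03 +0200] "GET /wp-admin/admin-ajax.php?action=duplicator_download HTTP/1.1" 200 3122 "-" "curl/7.64.0"
198.51.100.23 - - [02/Mar/2020:10:15:41 +0200] "GET /index.php HTTP/1.1" 200 8741 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2020:10:16:09 +0200] "GET /wp-config%2Ephp HTTP/1.1" 403 199 "-" "curl/7.64.0"
192.0.2.55 - - [03/Mar/2020:01:02:03 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    hits, per_ip = scan_access_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h['time']} {h['ip']} {h['status']} {h['path']} <- {', '.join(h['indicators'])}")
    print("Suspicious requests per IP (candidates for an access restriction):")
    for ip, n in per_ip.most_common():
        print(f"  {ip}: {n}")
```

On a real server, replace SAMPLE_LOG with the contents of the access log for the period you want to review.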