WordPress Popup Builder plugin causing sites to get hacked
31st January 2024
We quickly deduced the site had been hacked, and traced the hack back to a plugin the client had installed called Popup Builder. If you are battling this same hack, then you can read a detailed breakdown of what you need to do over on Sucuri's blog. It turns out the weakness in the plugin was discovered a long time ago, and started being exploited in December 2023 after details of it were published - by which time it was probably hoped people would have upgraded. The bad guys acted quickly, and thousands of sites which hadn't upgraded were quickly infected.
The thing with hacks is that thorough ones leave themselves a Back Door. This means that you might clear up the infected files, or delete the added code, but the hackers have done something else - that's very hidden - to let themselves back in. In this case, one of the things they did was install their own nasty plugin, which they hid from the main list of plugins so you wouldn't know it was there.
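One way to check for a plugin that is on the server but missing from the admin list is to read the plugin headers straight from disk and compare them with the names shown on the Plugins screen. The script below is an added example, not part of the original post; the sample folder, the plugin names in it and the "admin list" are constructed for illustration, and it assumes you copy the listed names from the Plugins screen yourself.

```python
import os
import re
import tempfile

# WordPress identifies a plugin by a "Plugin Name:" header near the top of a PHP file.
HEADER = re.compile(r"^[ \t/*#@]*Plugin Name:(.*)$", re.I | re.M)

def plugins_on_disk(plugins_dir):
    """Map plugin name -> relative path for each plugin header found on disk.

    WordPress looks at PHP files directly in the plugins folder and one
    folder deep, and reads only the first 8 KB of each file.
    """
    found = {}
    for entry in sorted(os.listdir(plugins_dir)):
        path = os.path.join(plugins_dir, entry)
        if os.path.isdir(path):
            candidates = [os.path.join(entry, f) for f in sorted(os.listdir(path))]
        else:
            candidates = [entry]
        for rel in candidates:
            full = os.path.join(plugins_dir, rel)
            if not rel.endswith(".php") or not os.path.isfile(full):
                continue
            with open(full, "r", errors="replace") as fh:
                match = HEADER.search(fh.read(8192))
            if match:
                # Drop a trailing "*/" or "?>" left over from a one-line header.
                name = re.sub(r"\s*(?:\*/|\?>).*", "", match.group(1)).strip()
                found[name] = rel
    return found

def hidden_plugins(plugins_dir, names_shown_in_admin):
    """Return plugins present on disk but missing from the admin list."""
    shown = {n.strip().lower() for n in names_shown_in_admin}
    return {name: rel for name, rel in plugins_on_disk(plugins_dir).items()
            if name.lower() not in shown}

def demo():
    """Constructed sample: three plugins on disk, only two shown in the admin list."""
    samples = {
        "popup-builder/popup-builder.php": "<?php\n/*\n * Plugin Name: Popup Builder\n */\n",
        "wp-cache-helper/index.php": "<?php\n/* Plugin Name: Cache Helper */\n",  # made-up name
        "hello.php": "<?php\n/*\nPlugin Name: Hello Dolly\n*/\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
        return hidden_plugins(root, ["Popup Builder", "Hello Dolly"])
```

Anything this reports deserves a look before deleting, since a legitimate plugin can also be missing from a hand-copied list.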
This is why it can take a long time to clear up a hack - you are basically looking for stuff but you don't know what (unless there happens to be a blog post detailing it as cited above, but you don't always find that blog post at the right time) and as soon as you remove it, it can just magically come back again (because the hackers are able to put it back again via the Back Door, with code watching for when it's resolved, ready to pop it back).
This is another lesson in why it's important to keep your plugins - on any platform, not just WordPress - up to date. Please do get in touch if you need a hand.