On November 9th it was discovered that the WP GDPR Compliance plugin for WordPress (with over 100,000 installations) contained a coding flaw.
The issue that hit some of our clients, and thousands of other sites on the internet, came in one of two variants in the wild:
- One bot that hit websites only made a redirect script to change the URL of the WordPress installation to point to a Romanian Political website.
- Another variant made new admin users, uploaded files, changed pages and more on the sites it infected.
- You will need to identify whether new files have been uploaded to your website or new users created that should not be there, and remove them.
- Signs of infection mainly consist of the website not loading, not loading properly, or redirecting visitors to erealitatea (dot) net.
(Source)
Simply editing the DB entries for these Site URL values and uploading all related plugins was the solution. Additionally we installed Wordfence on every one of the affected sites, since it was reported, and observed by Sneaker, that sites with the free Wordfence security plugin were not affected by the bot. Wordfence has a built-in firewall that works well with WordPress.
In the past we had only used Wordfence on a few of our client sites because of its resource and memory usage on a server. When Wordfence scans the website (an excellent feature) for changes, infections and more, it can and typically does slow down website responsiveness.
Previously our go-to security plugin was iThemes, which has another set of excellent features but no firewall. This issue was enough to make us change our number one recommended free security plugin for our clients to Wordfence.
Additional protection is recommended on e-commerce websites, and at this time we are introducing some of our clients to Cloudflare.com, a CDN with a built-in, one-click-install WordPress front-end firewall.
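A triage check for the two symptoms described above (rewritten Site URL entries and admin accounts that should not exist), as an added example that is not from the original post. It runs against a constructed in-memory SQLite copy of the relevant WordPress tables, assumes the default `wp_` table prefix, and uses a placeholder expected URL; the same two queries can be pasted into the real MySQL database.

```python
import sqlite3

EXPECTED_HOME = "https://example.com"  # placeholder: the site's legitimate URL


def build_sample_db():
    """Constructed sample of the WordPress tables the infection touched."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE wp_options(option_name TEXT, option_value TEXT);
        CREATE TABLE wp_users(ID INTEGER, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta(user_id INTEGER, meta_key TEXT, meta_value TEXT);
        -- 'siteurl' was rewritten by the redirect variant; 'home' is intact
        INSERT INTO wp_options VALUES ('siteurl', 'http://erealitatea.net');
        INSERT INTO wp_options VALUES ('home', 'https://example.com');
        -- one legitimate admin and one constructed intruder account
        INSERT INTO wp_users VALUES (1, 'owner', '2016-03-01 10:00:00');
        INSERT INTO wp_users VALUES (7, 'intruder-admin', '2018-11-09 04:12:00');
        INSERT INTO wp_usermeta VALUES (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
        INSERT INTO wp_usermeta VALUES (7, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
    """)
    return con


def check_site_urls(con, expected):
    """Return (option_name, value) pairs whose URL no longer matches the site."""
    rows = con.execute(
        "SELECT option_name, option_value FROM wp_options "
        "WHERE option_name IN ('siteurl', 'home')"
    ).fetchall()
    return [(name, value) for name, value in rows if value != expected]


def recent_admins(con, since):
    """Return logins of administrator accounts registered on or after 'since'."""
    rows = con.execute(
        "SELECT u.user_login FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID "
        "WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%\"administrator\"%' "
        "AND u.user_registered >= ? ORDER BY u.user_registered",
        (since,),
    ).fetchall()
    return [login for (login,) in rows]


if __name__ == "__main__":
    db = build_sample_db()
    print("Rewritten URL options:", check_site_urls(db, EXPECTED_HOME))
    print("Admins created since 2018-11-08:", recent_admins(db, "2018-11-08"))
```

Reviewing the listed accounts and restoring the flagged option values is the manual part of the cleanup; the queries only surface what to look at.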