64.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

07-27-2017, 04:26 AM
Post: #1
WORDPRESS SECURITY ALERT!!! MUST READ
Hello mates,
I received this email this morning from Wordfence about a new hacking threat
to your WordPress site (that is if you use WordPress) and thought it a good read
for everyone here...


"This morning, Brad Haas, our Security Services Team lead,
has written a blog post describing how attackers
are exploiting a file that is commonly used for site maintenance.
We have seen a rise in malicious scans trying to find this file,
so we wanted to make the community aware of the dangers
associated with it.

We include detailed screenshots showing how it works, how
the file is exploited and how to detect it if you have it on
your system. We also include instructions for what to do
if you have been hacked.

You can read the full post on our blog"
...


Code:
https://www.wordfence.com/blog/2017/07/searchreplacedb2-security/?utm_source=list&utm_medium=email&utm_campaign=072517

Hope this helps you in mitigating any possible future agony and frustration.

Regards,
ebizmoney
Thank you BBHF Family for your kind sharing your thoughtful caring and your reps.
07-27-2017, 10:09 PM
Post: #2
RE: WORDPRESS SECURITY ALERT!!! MUST READ
Thanks for the 'heads-up'.

But to avoid everyone panicking (and having read the entire article) this hack ONLY APPLIES if you have added a particular 'search and replace' plugin tool to your site

i.e. it does NOT apply to most 'normal' Wordpress installations.

Here's the relevant summary:

Several years ago, web publishing company Interconnect/IT released a handy tool for finding and replacing text in a website’s database. This tool, a stand-alone file published as searchreplacedb2.php, includes built-in WordPress compatibility that makes working with WordPress databases a breeze.


So, if you don't use this tool, you have nothing to worry about.

HTH ;-)
09-19-2017, 09:40 PM
Post: #3
RE: WORDPRESS SECURITY ALERT!!! MUST READ
Thank you so much for let us know about this info. I didn't know about this. Great info so far. lol
09-22-2017, 10:04 AM
Post: #4
RE: WORDPRESS SECURITY ALERT!!! MUST READ
I like WordFence. It's a great free security plugin. Use it on all my sites.
10-26-2017, 12:24 AM
Post: #5
RE: WORDPRESS SECURITY ALERT!!! MUST READ
(07-27-2017 10:09 PM)kirstie Wrote:  Thanks for the 'heads-up'.

But to avoid everyone panicking (and having read the entire article) this hack ONLY APPLIES if you have added a particular 'search and replace' plugin tool to your site

i.e. it does NOT apply to most 'normal' Wordpress installations.

Here's the relevant summary:

Several years ago, web publishing company Interconnect/IT released a handy tool for finding and replacing text in a website’s database. This tool, a stand-alone file published as searchreplacedb2.php, includes built-in WordPress compatibility that makes working with WordPress databases a breeze.


So, if you don't use this tool, you have nothing to worry about.

HTH ;-)

Thanks for the sum-up. I use WordFence on my setups and it is usually super on top of stuff. Glad I don't have a special search plugin.
76.gif
11-30-2017, 08:08 AM
Post: #6
RE: WORDPRESS SECURITY ALERT!!! MUST READ
Thanks for the share.
12-30-2017, 01:04 PM
Post: #7
RE: WORDPRESS SECURITY ALERT!!! MUST READ
Hmmm it would be interesting to set up a honey pot with that plugin to catch any hackers that want to try and steal your info. Instead you catch them and give them the appearance they've gained access, and instead get them to fork over information about themselves to you like their real IP or even display a message to them.
01-11-2018, 01:16 AM
Post: #8
RE: WORDPRESS SECURITY ALERT!!! MUST READ
Thanks for sharing this bud.Never got to hear about this.




27.gif