Background: In version 1.4.2, even unauthorized users could basically perform all actions on the WordPress website and in particular create their own user with admin rights.
Check your WordPress users
You should therefore also check the list of WordPress users on your website. In every case we have seen so far, the spammer was registered under the name t2trollherts with the mail address firstname.lastname@example.org.
One of the most effective hacks of recent times
Unfortunately, security gaps in plugins can never be ruled out. But the simplicity and the effectiveness of this hack were remarkable. The plugin has over 100,000 installations! It is ironic, of course, that this happened to a data protection plugin.
What can happen?
The user has admin rights and can therefore make various changes to the site. However, among our customers no immediate changes were observed. Scans carried out afterwards with the security plugin Wordfence also detected no critical cases.
This is how you should proceed
1. Update the plugin WP GDPR Compliance to the latest version 1.4.3.
2. Delete the rogue WordPress user (e.g. t2trollherts).
To delete a WordPress user, proceed as follows:
- Log in to your site
- In the WordPress dashboard, click on Users → All Users
- To delete a user, tick the checkbox to the left of the user, then select "Delete" in the Multiple Actions (bulk actions) drop-down menu at the top and apply it
If you have a backup system, you can also restore the backup from Monday (November 5). The probability that someone had already gained access to your site by then is quite low, since the acute hacks did not take place until Thursday (November 8). But after restoring, make sure to update the plugin.
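As an added example (not part of the original article), a small POSIX shell helper that automates the two checks above: it flags administrator accounts registered on or after a cut-off date and tests whether the installed plugin version is still older than 1.4.3. It assumes WP-CLI is installed and that the plugin slug is wp-gdpr-compliance; the sample user export is constructed.

```shell
#!/bin/sh
# Added example, not from the original article: helpers for the two checks above,
# (1) find administrator accounts registered on or after a cut-off date and
# (2) test whether the installed WP GDPR Compliance version is below the fixed one.
# Both read stdin, so they work on a saved export as well as on live WP-CLI output.
# Assumptions: WP-CLI is installed and the plugin slug is wp-gdpr-compliance.

# Live use (assumed WP-CLI invocation):
#   wp user list --role=administrator \
#      --fields=user_login,user_email,user_registered --format=csv | flag_new_admins 2018-11-08
# Prints the login of every administrator registered on or after the cut-off date.
flag_new_admins() {
    awk -F, -v cutoff="$1" '
        NR > 1 {                       # skip the CSV header line
            split($3, d, " ")          # user_registered is "YYYY-MM-DD HH:MM:SS"
            if (d[1] >= cutoff) print $1   # ISO dates compare correctly as strings
        }'
}

# version_lt A B: succeeds (exit 0) when dotted version A is older than B.
# Pure POSIX sh, so it does not depend on GNU "sort -V".
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        [ "${ax:-0}" -lt "${bx:-0}" ] && return 0
        [ "${ax:-0}" -gt "${bx:-0}" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# Live use (assumed WP-CLI invocation):
#   if version_lt "$(wp plugin get wp-gdpr-compliance --field=version)" 1.4.3; then
#       echo "WP GDPR Compliance is still vulnerable, update to 1.4.3 now"
#   fi

# Constructed sample export for a stand-alone run: the rogue account is the one named
# in the article, the dates and the owner account are made up.
SAMPLE_USERS='user_login,user_email,user_registered
admin,owner@example.org,2017-03-01 10:00:00
t2trollherts,firstname.lastname@example.org,2018-11-08 11:02:31'

printf '%s\n' "$SAMPLE_USERS" | flag_new_admins 2018-11-08   # prints: t2trollherts
if version_lt 1.4.2 1.4.3; then echo "1.4.2 is older than 1.4.3: update required"; fi
```

On a live site, pipe the real WP-CLI output into the same functions as shown in the comments; any login the first check prints that you did not create yourself is a candidate for step 2 above.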
Alternative GDPR plugin: If you have concerns about this GDPR plugin, we recommend WP GDPR Tools as an alternative.
How you prevent such a hack in the future
A proven way to prevent a hack of this type is to use automatic plugin updates. As a managed WordPress hoster, this is one of our core offerings: we relieve our customers of as much work as possible and thus give them more freedom.
In this specific case, the plugin update to the secure version 1.4.3 was performed for our Fully Managed customers in the night of November 8. These customers were therefore not affected by the hack.
If you want to use our Fully Managed plan for 20 Euro instead of 30 Euro (net) per month, you can use the following link: FULLY MANAGED Special. The discount is then automatically applied when you activate your BOX after the trial period. RAIDBOXES customers can upgrade to the Fully Managed plan via the chat.