Your WordPress Website? ISIS is After You — FBI Warns

What does it take to be a “so called WordPress expert” who can develop a site based on WordPress? Well, nothing! Almost ZILCH!!!. Here’s how you can be one.
You should know how to download the compressed file, how to unzip the compressed archive.

You should know how to do FTP upload, run the install script and buy some readymade template (there are tonnes of them available for a few thousand rupees per piece) add few plugins and viola – your site is up. Believe me, a grade six kid with his dad’s credit card can do all this once taught.

Well, let’s face it! WordPress has become popular because it’s so damn easy and so damn cheap to get a website up and running.

Is it CHEAP? Not really!
Do you know how to upgrade a Wordpress site running a custom template – the default template is useless to be used on any site? Most probably the answer is NO! This is because it was some kid round the corner who claimed to be a developer and did all of the above for you with never to show their face again after taking the check. But, what’s the big deal?

If you don’t upgrade or patch in time, your site is a sitting duck for hackers around the world. Yes, you heard it right. ISIS terrorist organization could be after your vulnerable WordPress based website. The United States Federal Bureau of Investigation (FBI) is warning WordPress users to patch vulnerable plugins for the popular content management system before ISIS exploit them to display pro-ISIS messages.

The warning from the FBI follows a number of website defacements in March that affected the US and European organisations, ranging from government to community websites, which saw them plastered with images and claims the attackers were linked to the extremist group known as ISIS or ISIL.

"These individuals are hackers using relatively unsophisticated methods to exploit technical vulnerabilities and are utilizing the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered," the FBI said in its public service notice.

"Methods being utilized by hackers for the defacements indicate that individual websites are not being directly targeted by name or business type."

This is neither the beginning nor the end because WordPress and its plethora of plugins have an awful history when it comes to security. It’s so bad that once WordPress site itself was hacked, and the download archive was modified with backdoor and uploaded so that anyone who installed after that gave hackers backdoor access to servers where it got installed.

The one common link between all victims of the defacements was that their websites had insecure WordPress plugin with security holes that, according to the agency, are "easily exploited by commonly available hacking tools".

If you want to avoid the expensive nightmare of constantly upgrading the site and spending more time on focusing on your business, it’s time that you dump the site based on WordPress. Think of migrating to a commercially supported CMS software done by developers who are available round the clock and are under contract to ensure that your site is secure.

If not, who knows your site could be the next to be hacked by ISIS with their message plastered across your website.

Keywords: wordpress site hacked, hacked websited, unsecure cms software, cms softwares hacked, hacked wordpress, wordpress unstable, hacking waordpress sites, wordpress bugs