Hackers defaced WordPress sites through pirated themes

This week we have seen a wave of “bulk defacing” of WordPress websites by a group of hackers. This has happened to many web hosting providers in the industry. After investigation, we found that the hacker exploited a vulnerability in the WordPress theme to inject SQL code and deface the home page of the blog. This is NOT a server-level vulnerability; it is specific to WordPress blogs whose theme contains the vulnerability. Click here to read the article that explains this vulnerability.

In most of these cases, the customer was using a free/pirated WordPress theme that had a backdoor. This backdoor was programmed to activate automatically at a certain date/time and notify the hacker of the site’s presence. Once the hackers had got hold of enough websites, they started defacing them to gain “popularity” in the hacker community (click here to see).

To fix your hacked website, you need to log in to your WP admin and change the site’s title (which contains the hacker’s signature). Moreover, you may have to replace your WordPress index.php with a fresh file. We strongly advise using themes purchased from reputable sellers. Free/pirated themes may have backdoors, and that’s why hackers publish them for free.
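The index.php replacement step above, as an added example that is not part of the original post: it compares a site's WordPress core files against a freshly extracted copy and swaps in the clean file while keeping the tampered one for later inspection. It assumes a fresh copy of the same WordPress version has been unpacked to a separate directory; the function names and all paths are hypothetical. `wp-content` is skipped because themes, plugins and uploads legitimately differ per site.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumption: FRESH_DIR holds an
# untouched extract of the same WordPress version that the site runs.

# compare_to_fresh SITE_DIR FRESH_DIR
# Prints one line per core file that is MODIFIED or MISSING in SITE_DIR.
# Returns 0 when every core file matches the fresh copy, 1 otherwise.
compare_to_fresh() {
    local site=$1 fresh=$2 status=0 rel
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        if [ ! -f "$site/$rel" ]; then
            echo "MISSING $rel"; status=1
        elif ! cmp -s "$site/$rel" "$fresh/$rel"; then
            echo "MODIFIED $rel"; status=1
        fi
    done <<EOF
$(cd "$fresh" && find . -type f ! -path './wp-content/*' | sed 's|^\./||' | sort)
EOF
    return $status
}

# restore_file SITE_DIR FRESH_DIR REL_PATH QUARANTINE_DIR
# Moves the tampered file out of the web root (kept as evidence) and
# copies the clean file from the fresh extract into its place.
restore_file() {
    local site=$1 fresh=$2 rel=$3 quarantine=$4
    mkdir -p "$quarantine/$(dirname "$rel")" &&
        mv "$site/$rel" "$quarantine/$rel" &&
        cp "$fresh/$rel" "$site/$rel"
}

# Typical use (hypothetical paths):
#   compare_to_fresh /var/www/blog /tmp/wordpress-fresh
#   restore_file /var/www/blog /tmp/wordpress-fresh index.php /root/quarantine
```

This check covers core files only; a backdoored theme lives under `wp-content` and still has to be replaced as described in this post.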

Another way to fix this issue is to restore your website from a clean backup, if you have one. After the restoration, you should switch your WordPress theme to the default theme OR purchase a theme from a reputable seller and customize it.