Could ISIS deface your WordPress website?

Run a WordPress website or know somebody who does?

Then the FBI has sent you a stark warning. Make sure that your WordPress installation and ALL installed plugins are updated, or people apparently working on behalf of ISIS (or ISIL) could very well be defacing your website some time soon.

WordPress is the content management system behind roughly 20% of websites on the Internet. Even the blog section here at ThatsNonsense.com uses WordPress behind the scenes in order to to function.

Because it is so popular, vulnerabilities are often discovered. And whilst WordPress themselves are good at releasing timely security patches for discovered exploits, there is one inherent drawback – WordPress is open source.

This means that other third party developers can create their own software that can be “plugged in” to a WordPress installation to offer various functionalities not offered by WordPress itself. These are called plugins, and they too present security risks. A vulnerability in a plugin could potentially give hackers access to your WordPress website.

This is why it is generally recommended to only use reputable WordPress plugin developers and of course, keep those plugins updated regularly.

The FBI warning follows a spate of defacement attacks on behalf of ISIS on WordPress websites. It appears these WordPress websites were not up-to-date. However the FBI appear to remain sceptical as to whether the attacks are actually being carried out by ISIS, or if the ISIS name is being used to give the attacks extra notoriety…

“These individuals are hackers using relatively unsophisticated methods to exploit technical vulnerabilities and are utilizing the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered,” the FBI said in its public service notice.

Either way, these are not people you want attacking your website. Such attacks can cost money, reputations and lots of time.

Updating WordPress and plugins takes seconds, so if you own a WordPress installation, then get on it!

We have!