Hey folks, there is a recently announced vulnerability affecting the popular All in One SEO Plugin. The vulnerability allows a site user of any level to escalate privileges to admin level and from there on in they pretty much have an open book.
Hey, I’m over here, hack me!
Frustratingly, the All in One SEO plugin issues a generator tag that announces its version number. So, before long, some enterprising asshole hacker will likely frig together a scanner to identify target sites, and we will see infection rates rocket.
SEO Implications
The SEO implications are stark. Depending on what the attacker decides to do, you may see your visitors infected, which is not a great present for your loyal or soon-to-be customers. Worse still, you may see a warning page placed in front of your site by the web browser or by Google search, telling customers to turn back. These warning pages have become increasingly hard to proceed past (if visitors would even want to), and you can see an interruption to website traffic and PPC traffic; recently we have seen local results decoupled from the site, with users sent directly to the Google+ page. If the problem persists for a week or more you can see a serious impact on your online visibility, which will hit you where it hurts: in the pocket!
Cleaning up once you have been infected is also no joke and often sites can be reinfected via backdoors and other problems.
The best defence…
The best defence is always a good offence, and that includes regular daily backups, updating plugins as soon as updates become available and keeping WordPress itself up-to-date. There are also further steps you can take to secure a WordPress installation, and bolting on some security monitoring, so you know the minute something changes or the site becomes vulnerable, is a sensible approach: insurance for your visibility (check out our SEO Service for a comprehensive security monitoring, clean-up and backup system that takes care of security on WordPress or any other CMS).
A Simple Fix
Fortunately, this one has a simple fix – simply update the plugin to the latest version and sleep easy at night.
Stay Safe, Stay Secure, Stay in Business!
There is some pretty nasty malware out there at the moment and attackers are going to be looking for new methods to distribute these tools – don’t let your site be one of the zombies! If you need help with security drop a comment below or give us a shout + share this post to ensure everyone using All in One SEO Pack gets updated.
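Updating the plugin is the fix, but on a fleet of sites the first job is finding which installs actually carry it and at what version. The script below is an added example (not code from the original post or from the plugin's authors): it walks a list of WordPress site roots, reads the standard plugin header fields ("Plugin Name:", "Version:") that WordPress itself parses from the plugin's main PHP file, and flags sites where the plugin sits below a minimum patched version. The directory slug all-in-one-seo-pack is the plugin's public slug; the minimum version is a placeholder to be set from the vendor's release notes, and the sample site trees are constructed in a temporary directory so the example runs offline.

```python
"""Inventory WordPress site roots for an installed plugin and its version.

Added example, not from the original post. Reads the WordPress plugin
header ("Plugin Name:" / "Version:") from wp-content/plugins/<slug>/*.php
and reports which sites carry the plugin below a minimum patched version.
"""
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "all-in-one-seo-pack"   # the plugin's public directory slug
MIN_SAFE_VERSION = "0.0.0"            # PLACEHOLDER: set to the first fixed release

# WordPress reads header fields as "Field Name: value" lines in a PHP comment.
HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.MULTILINE)

# Constructed sample plugin main file (not the real plugin source).
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: All in One SEO Pack\nVersion: {v}\n*/\n"


def parse_plugin_header(php_source: str) -> dict:
    """Return header fields from the first 8 KiB, as WordPress does."""
    return {k: v for k, v in HEADER_RE.findall(php_source[:8192])}


def version_tuple(v: str) -> tuple:
    """'2.1.3' -> (2, 1, 3); a non-numeric piece counts as 0."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def find_plugin_version(site_root: Path, slug: str = PLUGIN_SLUG):
    """Return the plugin's Version string if installed under site_root, else None."""
    plugin_dir = site_root / "wp-content" / "plugins" / slug
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        header = parse_plugin_header(php.read_text(errors="replace"))
        if "Plugin Name" in header and "Version" in header:
            return header["Version"]
    return None


def audit_sites(site_roots, min_safe: str = MIN_SAFE_VERSION, slug: str = PLUGIN_SLUG) -> dict:
    """Map each site root path to 'absent', 'ok (<v>)' or 'outdated (<v>)'."""
    report = {}
    for root in site_roots:
        root = Path(root)
        v = find_plugin_version(root, slug)
        if v is None:
            report[str(root)] = "absent"
        elif version_tuple(v) < version_tuple(min_safe):
            report[str(root)] = f"outdated ({v})"
        else:
            report[str(root)] = f"ok ({v})"
    return report


def build_sample_sites(base: Path) -> list:
    """Constructed sample: three site roots, two with the plugin at different versions."""
    layout = {"site-a": "1.0.0", "site-b": "2.0.0", "site-c": None}
    roots = []
    for name, version in layout.items():
        root = base / name
        (root / "wp-content" / "plugins").mkdir(parents=True)
        if version:
            pdir = root / "wp-content" / "plugins" / PLUGIN_SLUG
            pdir.mkdir()
            (pdir / f"{PLUGIN_SLUG}.php").write_text(SAMPLE_HEADER.format(v=version))
        roots.append(root)
    return roots


def demo(min_safe: str = "1.5.0") -> dict:
    """Audit the constructed sample tree; keyed by site name for readability."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = build_sample_sites(Path(tmp))
        return {Path(k).name: v for k, v in audit_sites(roots, min_safe).items()}


if __name__ == "__main__":
    for site, status in demo().items():
        print(f"{site}: {status}")
```

In practice you would pass the real document roots (for example the directories your web server's virtual hosts point at) to audit_sites, set MIN_SAFE_VERSION from the vendor's advisory, and run the script on a schedule so the "outdated" list becomes your update queue rather than a one-off hunt.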
6 Responses
Thanks for the heads up Marcus! Now to try and remember which of our 100’s of sites has it installed! Grrrrr!
Yep, it’s a nasty one as well so it’s off to manual audit land you go! *cough* it’s no Yoast WordPress SEO anyhow *cough* 🙂
Great post Marcus, security should be paramount for any transnational website today. Despite all my efforts I still get people pounding my site. I found a better result than a plugin like WordFence: I use a Web Application Firewall (WAF) called cloudproxy which acts as a stopping gate such that anyone not whitelisted can’t send requests to wp-admin nor try to send PHP into a URL etc… very cool and actively updated. Much less stressful than a plugin too, which may not always be updated instantly.
Hey Andy
Hey, great point. We run security for a bunch of client sites (mainly WordPress) and we use a combination of various solutions. Sometimes something local like WordFence, but more often than not a mixture of solutions: blacklist monitoring, Web Application Firewall etc. Really, our drive here is search visibility and business continuation, so we also crawl the site, check for technical gotchas and, would you believe it, just keeping plugins and WordPress core up-to-date can be a big help!
We have seen so many sites hacked and have problems and it is usually due to the basics not being done *cough* update your plugins people *cough*.
Cheers!
Marcus
Thanks for the heads up Marcus. I do tend to update my plugins every so often, and make a habit of doing the same with my client’s sites as well. How often would you suggest the updates take place to be most effective against attack?
Hey Mark. I suggest updating as often as necessary. Which is a rubbish answer, but the right one. If you install a plugin like WordFence it will send you an email as soon as a plugin goes out of date, so you can stay on top of things. Hope that helps! Marcus