If you installed any of these two WordPress Plugins:
GiveWP
Rich Reviews
.
Please update or remove them immediately from your WordPress site.
The two plugins have vulnerabilities that will allow hackers to either place malicious code on your site to infect your visitors or even gain access to your WordPress website and take full control.
In addition, if you are using one of those two plugins, have HelpingHost.com support review your WordPress site to make sure no backdoors or users were installed.
If you are using the Yuzo Related Posts WordPress plugin, please remove it from your WordPress installation ASAP.
We are starting to see customer websites that are using the plugin being redirected to malware websites.
There is currently NO PATCH available. Which means you HAVE TO remove the plugin.
Without going into to much detail:
The attacker calls this vulnerable plugin with certain parameters that in turn inserts code into the options of this plugin. That code currently seems to be javascript code that performs the various redirects to malware.
We have started to pro-actively implement additional protection into our Intrusion detection system to reduce the chance of a successful attack.
We have also began to scan all customers websites for this plugin and remove it if found. However, we of course prefer for you to login to your WordPress admin and remove it yourself as soon as possible.
If you have any questions or need help, please contact our support team as usual.
How to get your WordPress website ready for https.
Starting in July 2018, your site will be marked as “insecure” by Googles Chrome browser. We have added free SSL certificates for all our customers so that you are ready to go right now.
However, often you will need to make some changes to your website to ensure that it uses https:// instead of http://
Here we are showing you how to re-configure your WordPress to use https:
First, login to your WordPress admin and change the WordPress Address and Site Address to https://…
Now, if you made the mistake to use absolute links or images in your WordPress in the past, you now need to change those from http:// to https://.
You could simply go through each and every post and page of your WordPress and manually make that change. If you however have hundreds of pages and post like us, we suggest to use a Search and Replace plugin instead.
The first step for this is to MAKE A BACKUP:
Login to your Control panel and access Softaculous.
Now, get a list of your WordPress installations (1) and Click on the Backup icon next to the WordPress install you are working on (2):
Follow the steps until the backup is complete. Now go back to your WordPress Admin.
Next, add the Search and Replace Plugin
Choose Plugins -> Add New
Now type Search and Replace in the keyword fields. Choose the plugin from “Inpsyde GmbH”.
Install and Activate the plugin as usual.
Now click Tools -> Search & Replace
Now, if you want to be really safe, click Create SQL File and then Download SQL file. This will give you a backup of the database just in case something goes wrong and can be restored very easily using the SQL Import tab.:
Now you click on the Search & Replace tab.
Enter http:// in the Search for field.
Enter https:// into the Replace with: field.
Check the box “Select all tables”
and Dry Run. (This is to test what will happen before anything actually happens.
Click Do Search & Replace.
Here is an example of the result:
Clicking on view details will show you what actually will be changed.
The last step is to UNCHECK “Dry RUN” and choose “Save changes to Database”.
Click “Do Search & Replace” one more time and you are done.
Clear your WordPress Cache as well as browser cache to check the results.
Last updated Jun 14, 2020 at 11:36AM | Published on Apr 5, 2018 | Web Hosting News
If you are using Drupal on your website please read on…
The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over the site just by accessing a URL. We highly recommend that Drupal site owners immediately update your sites to Drupal 7.58 or Drupal 8.5.1, depending on the version you’re running. If you are unsure how to do so, please contact our Support team.
The Drupal team pre-announced the recent patches last week when it said “exploits might be developed within hours or days” after the disclosure.
This new Drupal Vulnerability allows an attacker to run any code he desires against the Drupal CMS’ core component, effectively taking over the site. The attacker doesn’t need to be registered or authenticated on the targeted site, and all the attacker needs to do is access the URL.
A nickname for this Drupal Vulnerability is “Drupalgeddon2”.
Drupal 6 is also affected. However, since Drupal was declared end of life (EOL) in 2016, NO patches will be issued by the Drupal Team.
Last updated Jun 14, 2020 at 11:36AM | Published on Mar 28, 2018 | Web Hosting News
HelpingHost.com is happy to announce a new partnership with Cloudflare, the web’s easiest performance, and security solution. As a Cloudflare Certified Partner, we deliver their simple and free solution to help protect and accelerate your website. Once your website joins the CloudFlare community, it loads twice as fast and is protected from a range of online threats.
Getting started is super easy—you just need to log into your control panel and look for the Cloudflare icon. With two clicks, you can activate CloudFlare and your website will automatically be faster and safer around the world.
We are pleased to offer you the CloudFlare service for FREE. There is no commitment. Turning CloudFlare on and off takes two clicks of the mouse, so feel free to try it out. We think you’ll like it.
Recent Comments