WordPress Security: AccessPress Plugins Compromised
JetPack (a security and optimization tool for WordPress) is reporting that all free plugins from developer AccessPress have been compromised. Although it seems reasonable to assume that premium offerings from the developer were also affected. WordPress security managers should take action immediately to prevent hackers being able to take over their site.
AccessPress plugin hack not so easy to fix
According to JetPack, hackers managed to get into AccessPress’ servers and infect the themes and plugin with malware. The silver lining being, if you downloaded the theme or plugin from WordPress.org you are most likely fine. Still, it is possible over 300,000 sites have been affected. Once the malware is installed on your webservers it is likely complicated to remove. While users report that it is not sufficient to just update the affected plugins or themes. Rather, they must be removed completely and replaced with alternatives.
As with all malware attacks the loss to a website owner can be great. Just the time it takes to clean up the site carries a financial burden. In this case replacing the theme may mean a complete redesign to the site around the new theme. And you may need to use a service such as Wordfence or Sucuri to carry up a malware scan, and clean up the site. There could even be reputational damage to take into account.
The latest version of the plugins and themes are now clean. While this is good news, it demonstrates the importance to have a system for managing the plugins and themes. You can find a list of affected themes and instructions on how to remove the malicious code here: JetPack.
Don’t leave WordPress security to chance
Have you been affected by any compromised AccessPress themes or plugins? If you care for a WordPress site it is really important to have good security processes in place. How can you avoid being affected by compromised plugins? We have a guide with 5 ways to choose the right plugin.
