Alert for WordPress Bloggers
If your blog/website uses the Custom Content Type Manager (CCTM) plugin, chances are, your WordPress blog/website has been compromised.
A backdoor hack has been discovered by Sucuri Security. March 4, 2016, Denis , wrote a post entitled, When a WordPress Plugin Goes Bad in the Sucuri blog.
It is a detailed account of the progression of activities leading to the discovery of the backdoor, and, Denis speculates about how the hack might have occurred, how the hacker might have progressed from a freelance WordPress developer to the dark side, and indeed, who the hacker might be (names he uses).
There are several recommended steps to mitigate the situation. The top four are:
- Replace the current version of Custom Content Type Manager with version 0.9.8.9 which is the most current clean version.
- Replace ALL WordPress core files with a fresh install. (Delete the existing files (which have probably been hacked) and replace with a fresh install of the core files.)
- Change the passwords of ALL users.
- Delete the users that are unknown to you and look suspicious.
Six to eight steps are suggested in the Mitigation section of the article. Scroll to the bottom of the article, just above the author’s byline.