Wordfence Security Plugin Failed to Protect Against Exploitation of 301 Redirects – Addon – Bulk CSV Uploader Vulnerability
Over at our main business today we have been dealing with a website that was hacked due to the now fixed vulnerability in the plugin 301 Redirects – Addon – Bulk CSV Uploader that started getting widely exploited to redirect websites shortly after it was fully disclosed by the discoverer on Saturday (in this case the redirect was to tomorrowwillbehotmaybe.com). Simply keeping plugins up to date at all times would have avoided websites getting hacked as it was fixed on Thursday. If you were a customer of our service you would have been warned of the high likelihood of that vulnerability being exploited on Monday of last week (we knew about the vulnerability because the discoverer had obliquely disclosed the vulnerability some time before Monday).
What wouldn’t protect you is the Wordfence Security plugin, as the website we have been dealing with is using that. The plugin is clearly active on the website, as it locked us out after we tried to log in using the incorrect WordPress login details we had been provided for the website.