
Security vulnerability on a WordPress plugin—actions and advice

A vulnerability in a WordPress plugin developed by ThemeGrill was recently discovered, and attackers have been actively exploiting it over the past few days. The plugin is widely used by WordPress users.

Impacted plugin: ThemeGrill Demo Importer

The vulnerability is in ThemeGrill Demo Importer, a plugin bundled with certain themes sold by ThemeGrill, a company that creates commercial themes for WordPress.

This vulnerability can allow an attacker to take control of a site and delete its data.

As such, we believe it’s prudent to remind you of the process to follow to protect your site as well as some best practices and precautions more generally linked to the security of your WordPress site.

React now!

  • Verify whether you have the ThemeGrill Demo Importer plugin installed. To do so, go to the “Plugins” section in your WordPress admin page.
  • If not, you’re not impacted.
  • If yes, update this plugin immediately to the most recently available version.

Version 1.6.2 corrects the problem. These updates are directly visible in the “Plugins” section of your WordPress admin interface. Once version 1.6.2 of the plugin is installed, your WordPress site will no longer be at risk of attack via this vulnerability.
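If you administer several WordPress sites, the check above can be scripted against each site's files. The script below is an added example (not code from Gandi or ThemeGrill): it reads the version from the plugin's header comment and compares it numerically against the fixed release, 1.6.2. The plugin slug `themegrill-demo-importer` and its main-file name are assumptions about the plugin's layout.

```shell
#!/bin/sh
# Added example (not code from Gandi or ThemeGrill): report whether a WordPress
# install has the ThemeGrill Demo Importer plugin and whether it is at or above
# the fixed release, 1.6.2. The plugin slug and main-file name are assumptions.
FIXED_VERSION="1.6.2"
PLUGIN_SLUG="themegrill-demo-importer"

# Print the "Version:" field from the plugin's header comment, given the
# WordPress root directory. Exit status 1 when the plugin is not installed.
plugin_version() {
    main_file="$1/wp-content/plugins/$PLUGIN_SLUG/$PLUGIN_SLUG.php"
    [ -f "$main_file" ] || return 1
    sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' \
        "$main_file" | head -n 1
}

# Exit status 0 when version "$1" >= version "$2", comparing each dotted
# component numerically (so 1.10.0 > 1.6.2, unlike a plain string compare).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0
    }'
}

# Print one word for the site at "$1": not-installed, unknown, vulnerable or patched.
check_site() {
    found_version=$(plugin_version "$1") || { echo "not-installed"; return 0; }
    [ -n "$found_version" ] || { echo "unknown"; return 0; }
    if version_ge "$found_version" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Usage: ./check-themegrill.sh /path/to/site1 /path/to/site2 ...
for wp_root in "$@"; do
    printf '%s: %s\n' "$wp_root" "$(check_site "$wp_root")"
done
```

A result of "unknown" means the plugin directory exists but no Version header was found; treat it as needing a manual check in the “Plugins” section.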

WordPress is by far the most used CMS in the world, and its catalog of plugins is extensive. The recurrence of this type of vulnerability is, therefore, likely. As such, there are certain best practices that can reduce the risk of an attack.

Best practices

1. Pay attention to the WordPress plugins you use

One of the strengths of WordPress is the almost unlimited catalog of plugins available, but these plugins don’t come without risks.

  • For the plugins that you use, make sure you’re using the latest version, and check the publisher’s site to verify that no vulnerability has recently been identified
  • Prefer plugins that are updated regularly
  • Don’t overload your WordPress site with plugins that you don’t really need. This is bad for security and for the performance of your site. Delete plugins that you don’t use

2. Activate snapshots on your Simple Hosting instance

Snapshots let you save a previous state of your hosting files. This notably lets you return to a previous state in case you make an error in your site’s configuration.

This option is free on Simple Hosting, and you just need to activate it in your Gandi administration.

Find more information on snapshots here.

As a reminder, snapshots are stored in the same place as your site. They do not replace a true backup strategy.

3. Make regular backups of your entire WordPress site

Regardless of your hosting solution, it’s important to have a complete backup of your data at a separate, geographically distant location. For a website, it’s also a good idea to keep a copy locally, on your workstation for example. To make this backup, you’ll need to save two elements:

  • Database:

WordPress’s database uses MySQL. You’ll therefore need to completely export your database.

You can do this from your phpMyAdmin interface, which manages the MySQL database of your Simple Hosting instance. phpMyAdmin is accessible from the “Administration” tab of your Simple Hosting instance. The export generates a file named ‘localhost.sql’ by default, which you can save on your desktop.

You can also automate a daily export of your database.

  • Your site’s files:

You should also consider making a regular copy of all of your site’s files by connecting via SFTP, using FileZilla for example.

4. Follow official communications channels on the security of the tools you use

The majority of major software publishers have dedicated information channels that communicate on security issues. If you rely heavily on certain tools for your sites or your customers’ sites, it’s important to be informed quickly of any potential problems.

For WordPress: https://wordpress.org/news/category/security/

Feel free to follow us as well on Twitter and Facebook to stay informed about this type of incident.

Useful links:

https://www.bleepingcomputer.com/news/security/unsafe-wordpress-plugin-installed-on-nearly-200-000-sites/

https://wordpress.org/plugins/themegrill-demo-importer/advanced/

Simple Hosting: https://www.gandi.net/en/simple-hosting

Technical documentation: https://docs.gandi.net/en/simple_hosting/