Over the past few days, websites that were running a self-hosted version of WordPress 3.9.1 or older were hacked by hackers claiming to be ISIS. The websites from all over the world included Sequoia Park Zoo in California, ldora Speedway in Ohio, Moerlein Lager House in Cincinanati, the Montgomery Inn also in Cincinnati, and the Dublin Rape Crisis Centre. Thankfully no data was stolen in the attacks.
The website’s who were hacked had their original content untouched, and a banner of the Islamic State flag. At the top of the page the words “Hacked by Islamic State (ISIS) We Are Everywhere” appears with a song in Arabic playing in the background.
There was also a link included which led to a Facebook page, which has since been taken down. Recent posts on this Facebook page includes images like the one below that lists other websites that have been hacked.
Dublin Rape Crisis Centre explained via twitter that their website wasn’t hacked specifically as you can see below.
A flaw had been exploited in WordPress versions 3.9.1 and older which allowed the hackers to attack so many websites worldwide and it is not yet known if the hackers are members of ISIS. In the meantime if you are still running a self-hosted WordPress site that is running version 3.9.1 or older then please update to the latest version which is 4.1.1 and keep a vigilant eye on your website. This will ensure that your website is more secure and less vulnerable.