Convert Plus - Hack WordPress admin access in 30 seconds! Is your website secure?

A warm hello to all WordPress owners among you, especially those who collect leads.

For that need there is the handy little plug-in "Convert Plus", which comes pre-bundled with many themes and already has over 100,000 active installations. Convert Plus aims to convert more subscribers, leads and members with the help of pop-ups, headers and footers, forms, slide-ins, sidebar widgets and the like.

Sounds all well and good, but what's the problem?

How my website was hacked in just 30 seconds

This morning, as I was leisurely checking data from my current website with a coffee in my hand, I saw a surprising email in my inbox. Take a look at it:

At first I mistakenly thought that I might have generated a lead via my newly installed "Convert Plus" plug-in. However, this seemed strange to me, as the campaigns I had set up had nothing to do with user registrations.

So I went to the Users tab of my WordPress dashboard to find out who this strange Samuel might be. Once there, it hit me that this had nothing to do with my Convert Plus plug-in: by some means, someone had managed to hack my WordPress site and create a new user with admin rights. With a mix of terror, confusion and the grumpiness of a morning grouch, I deleted that user again as quickly as I could.

Completely perplexed and shocked, I asked myself: how the hell did this guy get into my website? You hear a lot about hacking and read a lot about it online, but it is rare for something like this to actually happen to you.

Since there are many ways into a WordPress website, I first implemented the basics as quickly as possible:

  • New login path (you should never leave it at /wp-admin anyway!)
  • Password change in WordPress
  • Password change at the hosting provider
  • New FTP password
  • Two-factor authentication at the hosting provider
  • Two-factor authentication in WordPress
  • Update all plug-ins with pending updates
  • New password for the database

The only updates still pending were for the usual plug-ins bundled with the theme; anyone who uses a ThemeForest theme will know the problem. The usual suspects are plug-ins like WPBakery Page Builder, Ultimate Addons for WPBakery Page Builder, Convert Plus and similar. They actually require an individual license, but are bundled automatically with many themes. Without a license they can be used, but you cannot update them yourself; you depend on the theme author shipping a new bundled version.

Since for some reason I trust these plug-ins more, probably because they are paid, I was less worried at this point that someone could hack my WordPress site through them. After I had taken all the measures mentioned above, I thought I had averted the danger.

Wrong thinking.

The laptop pinged.

A new mail fluttered in:

"Damn it" - I thought to myself.

"THIS CANNOT BE" - went through my head.

"Now there won't even be any more pee breaks until this is resolved" - I thought to myself.

"One Wordfence plug-in to go, please."

After investing in the PRO version of Wordfence, I took a look at the live tracking:

A Dutch IP address with a Russian hostname was actually poking at my admin files.

When I saw "/wp-admin/" in the requests, I knew it was time to let the ban hammer fly in the direction of the Netherlands.

Phew, that felt good. But the question is, did it do any good?

Yes, it did.

The person tried to reach my site from another IP address, but as that one was also in the Netherlands, they got nowhere.

Important: a country ban is never enough on its own. Anyone can use a VPN to get an IP address in another country, so the attacker could simply have carried on. The block only forces the attacker to try a little harder; it does nothing about the hole they came in through. That is why it seemed logical to me, especially after talking to a few fellow victims, that the cause had to be a plug-in.

The culprit: the Convert Plus plug-in

After a short discussion in a few online marketing groups, there were many different theories. So I checked whether there was any news about the plug-ins I was using, and lo and behold:

(29 May, source: Wordfence)
(30 May, source: Bleepingcomputer)

It may sound strange, but after reading this I was reassured. Nothing is worse in such a situation than not knowing where the problem lies.

I immediately deleted the Convert Plus plug-in just mentioned and checked the official site to see whether there was an update for this problem.

New update on the official plug-in page and at CodeCanyon

In an official post, Wordfence explains this problem in more detail for anyone who is interested. Wordfence also makes clear that the Convert Plus developers responded to the bug immediately, released an updated plug-in within a few days and informed their users about it in a separate article.

The Wordfence team even demonstrated in their post, with a video, how this hacking process works. Only then do you realise how quickly and easily someone can gain access to your website: a single vulnerability in a plug-in is all it takes for someone to take over your WordPress site. Creepy, but important to know.

So if you are running Convert Plus version 3.4.2 or earlier, you have exactly two options: UPDATE or DELETE. If your copy came bundled with a theme and cannot be updated from the dashboard, that means delete until the theme author ships the patched version.
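To make the checklist above and the "update or delete" rule checkable rather than a one-off look at the dashboard, here is an added example (an editor's addition, not code from the original post, from Wordfence or from the Convert Plus developers): a small Python audit that reads the CSV output of WP-CLI (`wp user list --role=administrator --format=csv` and `wp plugin list --format=csv`), flags any administrator account not on your allowlist (the unexpected "Samuel" from earlier) and any plug-in at or below a known-bad version, here Convert Plus at 3.4.2 or earlier as the post states. The plug-in directory name `convertplug`, the sample accounts and the sample versions are constructed assumptions; the version comparison is numeric so that 3.10 is correctly treated as newer than 3.4.

```python
"""Audit WP-CLI output for unexpected administrators and known-vulnerable plug-ins.

Added example (not from the original post). Assumes the two inputs are the CSV
produced by `wp user list --role=administrator --format=csv` and
`wp plugin list --format=csv`. All sample data below is constructed.
"""
import csv
import io
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample of:
#   wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=csv
ADMIN_CSV = """ID,user_login,user_email,user_registered
1,niels,niels@example.com,2018-03-02 09:12:44
7,samuel,samuel@example.net,2019-05-30 07:41:02
"""

# Constructed sample of:
#   wp plugin list --fields=name,status,version --format=csv
PLUGIN_CSV = """name,status,version
convertplug,active,3.4.2
wordfence,active,7.3.4
js_composer,active,6.0.3
"""

# The administrators you know about. Anything else is a finding.
EXPECTED_ADMINS = {"niels"}

# Affected versions as stated in the post: Convert Plus 3.4.2 or earlier.
# The directory name "convertplug" is an assumption; check your own wp-content/plugins.
VULNERABLE_UNTIL = {"convertplug": "3.4.2"}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn "3.4.2" or "3.10.0-beta" into a tuple of ints so that 3.10 > 3.4.
    Plain string comparison would get that wrong ("3.10" < "3.4")."""
    parts = re.findall(r"\d+", v.split("-")[0])
    return tuple(int(p) for p in parts) or (0,)


def unexpected_admins(admin_csv: str, expected: Iterable[str]) -> List[Dict[str, str]]:
    """Return every administrator row whose login is not on the allowlist."""
    allow = set(expected)
    return [row for row in csv.DictReader(io.StringIO(admin_csv))
            if row["user_login"] not in allow]


def vulnerable_plugins(plugin_csv: str, vulnerable_until: Dict[str, str]) -> List[Dict[str, str]]:
    """Return plug-in rows at or below their known-vulnerable version ceiling.
    Status is ignored on purpose: the post's advice is update or delete, so an
    inactive copy still sitting in wp-content/plugins is flagged too."""
    hits = []
    for row in csv.DictReader(io.StringIO(plugin_csv)):
        ceiling = vulnerable_until.get(row["name"])
        if ceiling and parse_version(row["version"]) <= parse_version(ceiling):
            hits.append(row)
    return hits


def audit(admin_csv: str = ADMIN_CSV, plugin_csv: str = PLUGIN_CSV,
          expected: Iterable[str] = EXPECTED_ADMINS,
          vulnerable_until: Dict[str, str] = VULNERABLE_UNTIL) -> Dict[str, list]:
    """Run both checks and return the findings as a dict."""
    return {
        "unexpected_admins": unexpected_admins(admin_csv, expected),
        "vulnerable_plugins": vulnerable_plugins(plugin_csv, vulnerable_until),
    }


if __name__ == "__main__":
    report = audit()
    for row in report["unexpected_admins"]:
        print(f"UNEXPECTED ADMIN: {row['user_login']} <{row['user_email']}> "
              f"registered {row['user_registered']} -> delete and rotate credentials")
    for row in report["vulnerable_plugins"]:
        print(f"VULNERABLE PLUGIN: {row['name']} {row['version']} ({row['status']}) "
              f"-> update or delete")
```

Fed with the real WP-CLI output from a cron job, the script turns "who is this Samuel?" into an alert you get minutes after the account appears instead of when you happen to be reading your mail; any unexpected administrator should trigger the full checklist above, not just deletion of the account.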

And the moral of the story ...

  1. "Too many plug-ins? Don't install them."
  2. "Don't use outdated plug-ins."
  3. "Wordfence and two-factor authentication: you'd better use them, you wretch."
  4. "Don't trust people from the Netherlands" (joke)
  5. "An alternative login path is nice and simple."

But joking aside: you hear so often that it is important to keep plug-ins up to date. This example should show you that the statement is really true, and not just a line agencies use to charge customers recurring fees for "maintenance".

Fortunately, as a workaholic nerd I spend almost every waking hour in front of my laptop, so I was practically watching live when my site was attacked. As the Wordfence video shows, creating an admin account really took only about 30 seconds. You can see how this was (and is) possible in the following video:

That was highly dangerous and could have gone really wrong. Please learn from the mistakes others make for you (in this case, me) and apply the security settings above to all your important web projects, ideally today.

Prevention is better than cure, but you usually only learn that when it's too late.

Be smart, stay safe and thanks for reading!

Happy weekend to you!

Best regards with aching eyelids,

Niels

FAQ

What is "WordPress hacking"?
WordPress hacking is a term for unauthorized intrusion into a WordPress installation. It usually means using technical means to gain access to systems or information that should not be available to the attacker. Once a WordPress site is compromised, the attackers may try to steal sensitive information, manipulate the website or destroy it completely.
How can hackers hack WordPress websites?
Hackers use different techniques to break into WordPress websites. The most common are guessing or reusing weak passwords, identifying and exploiting vulnerabilities in plugins or themes (as in the Convert Plus case above), and planting malware or other malicious code.
How do you protect WordPress from hackers?
To protect WordPress from hackers, use strong, unique passwords with two-factor authentication, apply security updates promptly and install a reliable security plugin. It is just as important to use only trusted plugins and themes and to remove all outdated, unused or insecure plugins and themes from your website, since even an inactive plugin with a known vulnerability is a liability.
Why should you secure your WordPress website?
A carefully secured WordPress website is the best way to protect your business from attacks and data loss. No measure makes a hack impossible, but good hygiene sharply reduces the risk and limits the damage to your customers' data.
How do you restore a WordPress website after a hack?
First take a complete copy of the compromised site (files and database) so that you can analyse how the attacker got in, then restore from a clean backup taken before the compromise or remove the malicious code by hand. Afterwards rotate every password and key (WordPress, hosting, FTP, database), update everything, remove any administrator accounts you do not recognise and install a reliable security plugin to detect future attempts.
What is phishing and how can you protect yourself from it?
Phishing is a type of social engineering attack in which attackers try to steal user information (such as passwords or credit card details) using fake emails or websites. To protect yourself, do not open suspicious emails or attachments and always check that the domain name is correct before entering credentials on a website.
What can be done to improve the security of my website?
Install a reliable security plugin, apply security updates regularly, avoid weak passwords and use only trusted plugins and themes.
What tools can you use to secure WordPress?
There are many tools that help secure WordPress, including security plugins, firewalls and regular security audits. You can also hire an external security expert to audit your website and help you deal with the issues found.
How can I protect my WordPress website from being hacked?
Use a strong password, apply security updates regularly, use only trusted plugins and themes, and remove all outdated, unused or insecure plugins and themes from your website.
What are the consequences if my WordPress website is hacked?
The consequences can be severe. Attackers can steal sensitive information from your website or destroy it completely. There is also a risk that the website becomes inaccessible to your visitors or is removed from search engine indexes.
