Site hacked through order proccessing

  • Resolved MickeyDangerez

    (@mickeydangerez)


    3 years, 9 months ago

    A site I am managing was hacked. The hackers changed the site URL, site name and description by processing an order through woocommerce.

    I am not sure which plugin could be responsible.

    Here is a list of the woocommerce plugins used on the site:
    Advanced Woo Search
    BEAR – Bulk Editor and Products Manager
    Premmerce SEO for WooCommerce
    Sg Order Approval for Woocommerce
    Ultimate Auction For WooCommerce
    WooCommerce Admin
    WooCommerce Colors
    WooCommerce PayFast Gateway
    WooCommerce Wholesale Prices
    WOOF – WooCommerce Products Filter

    Are there any known issues with any of these plugins?

    Regards
    Mike

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hello @mickeydangerez ,

    I am sorry to hear about the news. No one expects this to happen.

    Make sure your administrative passwords are difficult enough and secured. Here are some great steps to make sure your site is not vulnerable – WooCommerce Security: The 7 Things You Should Do First

    In this forum, we can only comment on the issues that relate to core WooCommerce. Since there are not many reports for WooCommerce order processing we can assume the issues are from other sources.

    For the extensions that you are using from WooCommerce.com, you can create a ticket to know any information. For others, it is better to get in touch with that plugin developers.

    You can also take help from a security expert to investigate and find the possible way how your site had been hacked.

    I hope you get the solution as early as possible.

    Thank you ??

    Thread Starter MickeyDangerez

    (@mickeydangerez)

    Thank you for your reply. How would I be able to determine which plugin is responsible? Can we leave this thread open for other to be able to respond if they have one of these plugins mentioned that could be responsible.

    What would WooCommerce recommend to uninstall any plugin no longer being updated? How long ago is not updated enough?

    Your help is greatly appreciated.

    Hello @mickeydangerez ,

    How would I be able to determine which plugin is responsible?

    There is no specific way that can be followed. It will require extensive inspection and figuring out of patterns of the steps when the breach happened. You can take help from an expert to audit your site and find out possible vulnerabilities.

    Can we leave this thread open for other to be able to respond if they have one of these plugins mentioned that could be responsible.

    Yes, sure! Let’s keep it open one more week to see if someone else responds as well.

    What would WooCommerce recommend to uninstall any plugin no longer being updated? How long ago is not updated enough?

    Updates should be installed as soon as they are released. If a plugin has already an issue that can breach security then the update should not delay. Because potential hackers keep track of them and target all the sites that have the plugin installed.

    You should not use any plugins that are not updated regularly or do not have compatibility with the latest WooCommerce versions.

    From WooCommerce 3.2 there is a version checker available that indicates if that plugin has been released to support WooCommerce’s latest version – New version check in WooCommerce 3.2

    Thank you ??

    Hi there,

    We’ve not heard back from you in a while, so I’m marking this thread as resolved.

    Hopefully, you were able to find a solution to your problem! If you have further questions, please feel free to open a new topic.

    Thank you ??

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Site hacked through order proccessing’ is closed to new replies.

Tags