FBI warns of increased threat of WordPress Hacking by ISIS.


This is an image of my personal email, it’s a list of hacking attempts on my WordPress blog!

I’m not a high profile target (I think!) but as you can see I had several attempts to hack into my blog. It’s from a hacker in the Ukraine, as you might imagine I eventually got bored of these constant email and blacklisted the whole of the Ukraine!

If the run of the mill hackers aren’t bad enough the FBI has announced an alert that Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS) is hacking into WordPress blogs.


Sagittarius provides some great hosting which is very secure, physically and remotely. However the hosting can have all the security in the world but it’s not going to protect you if you don’t take care of your site.

If your blog uses any of the following plugins you might be vulnerable:

  • Gravity Forms – anything lower than 1.8.19 gives full admin access to your entire blog 
  • Pods Plugin 
  • MainWP-Child 
  • WooCommerce 
  • WordPress SEO 
  • WP Super Cache - This is a really bad hack and should be upgraded over version 1.4.4 as it allows admin level access to WordPress via XSS attack. 
  • Slider Revolution

That’s not to say other plugins aren’t vulnerable but the above are known targets the FBI and others raise as the most likely attack points. It’s worth mentioning that the above plugins are known to be the best in the business which is why they are widely used. Which in turn means they are widely targeted in hacking attempts!

Insecure plugins are bad but also any version of Wordpress older than 4.2.1 is natively vulnerable. Without any plugins it allows attackers to use XSS which in laymen’s terms allows the attacker to inject any mark-up they like on to your site.

Such as adverts appearing on site or defacing your blog as a whole. It also allows the attacker to listen for the admin logging in and change the admin password. To one the attacker can use to get or do anything the admin user can do.

So what can you do? Well as you might expect Sagittarius can help with many of these issues.

We can upgrade individual plugins or WordPress itself for you as a one off payment. We offer monthly maintenance plans as well as service level agreements for this type of work.

If that wasn’t helpful enough we have monthly plans which monitors WordPress for malware and hacks as well as blacklisting hackers (like my blog is doing above). As well as malware removal and clean-up for an unlimited number of page. Depending on your specific needs we can do this within 12 hours, 6 hours or 4 hours of attack based on your specific business criteria.

Simply contact your appropriate account manager for information on one or more of these great services. My personal blog is built on WordPress and I still believe it’s a great platform. But given all the threats out there to your business. Can you really afford not to have a retainer to actively monitor and protect your site?

Richard Brisley
Richard Brisley
Technical Lead
Richard is the longest standing member of the Sagittarius team, he works tirelessly to support the development and side-facing team with problem solving and pitches alike. His skills as a .NET programmer and database administrator have been paramount to the success of Sagittarius and our continued success. 

In 2016 and again in 2019 Richard was recognise in the BIMA 100 awards for his outstanding work in Tech, his passion for digital and his contribution to the industry. 

Richard Brisley

Richard Brisley

19 May 2015 - 5 minute read
share this

stay in the know, stay ahead.

Get the latest from the agency, including news, events and expert content.
explore services in the article
find out what we can do for you
read some of our case studies