We are continuing to see WordPress sites being hacked through a security hole in the popular Gravity Forms plugin. The latest security update to Gravity Forms was released last Friday, March 27th. Prior versions are vulnerable and allow attackers to upload malicious files to your website. We have seen several cases where sites have been taken over by hackers by exploiting this plugin.
Gravity Forms is a very popular plugin that we have used for years. We still believe it is a great tool, but it must be updated now to prevent your site from being infected.
Your site does not have to be a large, high value site to be targeted. Many of these hackers are not trying to steal information off your site, they merely want to take it over so they use it as a zombie site to attack a true high value site.
We urge all our WordPress clients to verify that they are running the most current version of WordPress and all plugins, particularly the Gravity Forms plugin.
Contact Main Street if you have questions or need assistance.