Themegrill Demo Importer Hacked

  • Several of my WordPress sites developed using Themegrill (Spacious theme) appear to have been hacked. Google search reveals this is a widespread new issue: https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html. According to the articles on the issue, the hack exploits a vulnerability in the demo importer plugin to erase all existing users and delete the WP database, leaving the website empty and displaying a default hello world/sample page. Is there a fix for this or is the only option to redevelop the website? Does Themegrill offer help for people who’ve purchased themes that have been hacked?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    Normally, we do not discuss vulnerabilities in the forums. However, since this has been widely reported and has damaged a bunch of sites, we’re letting such stuff be public.

    Make sure you’re on the latest version of the importer plugin (or just delete it because, really, do you need it more than once?).

    If your site is gone, you’ll need to restore the database from a backup, either one you’ve made or one by your host.

    THEN, get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    mxl

    (@mariexl)

    Hi @sterndata,

    Has Themegrill already fixed this vulnerability in the update that was released today?

    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    According to what I’ve read, yes.

    I upgraded version 1.6.3

    mxl

    (@mariexl)

    Good to know. Thanks!

    I don’t want to do all this work again re-starting my webpage again. It has been quite annoying.

    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    What’s the takeaway? BACKUP YOUR SITE REGULARLY in some automated way and store the backups offsite. I like “backwpup” for that.
