Are you using Bricks Builder for WordPress and Got Hacked?

Bricks Builder Security Update

Are you using Bricks and got Hacked?

Are you using the Bricks theme and visual builder, and did your WordPress site get hacked this week?

There was a critical security vulnerability identified that affected all sites using Bricks theme.

This vulnerability allowed for unauthenticated Remote Code Execution (RCE), meaning attackers could execute arbitrary code on the server hosting the website, essentially giving them complete control.

Bricks released version 1.9.6.1 as a mandatory security update.  If you are not running version 1.9.6.1, you need to update immediately. Hackers jumped on the opportunity as soon as it was announced and exploited many websites within hours of the news.

How do you know if you got hacked?

Users have reported seeing the following issues with their website:

  • new user accounts created
  • new themes created
  • new php files generated in the root directory
  • WordPress files like wp-config.php were injected with malicious code
  • Many other files within your public_html
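The file-level symptoms in this list can be checked from a shell on the server. The script below is an added example, not part of the original post or of Bricks: it lists PHP files in the web root that WordPress core does not ship, lists PHP files changed since a given date, and compares the installed Bricks version with 1.9.6.1. The theme path `wp-content/themes/bricks` and the default date are assumptions.

```bash
#!/usr/bin/env bash
# Added triage example, not from the original post. Read-only: it only lists files.
FIXED_VERSION="1.9.6.1"   # patched Bricks release named in the post

# PHP files that a stock WordPress install ships in its root directory.
CORE_ROOT_PHP=" index.php wp-activate.php wp-blog-header.php wp-comments-post.php \
wp-config.php wp-config-sample.php wp-cron.php wp-links-opml.php wp-load.php \
wp-login.php wp-mail.php wp-settings.php wp-signup.php wp-trackback.php xmlrpc.php "

# List root-level PHP files that are not part of WordPress core.
unexpected_root_php() {
  local root="$1" f name
  for f in "$root"/*.php; do
    [ -e "$f" ] || continue
    name="${f##*/}"
    case "$CORE_ROOT_PHP" in
      *" $name "*) ;;
      *) echo "$name" ;;
    esac
  done
}

# List every PHP file modified after a date (YYYY-MM-DD), e.g. the disclosure date.
php_changed_since() {
  find "$1" -type f -name '*.php' -newermt "$2" | sort
}

# Read the installed theme version from its style.css header.
# Assumption: the theme lives in wp-content/themes/bricks.
bricks_version() {
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9.]*\).*/\1/p' \
    "$1/wp-content/themes/bricks/style.css" 2>/dev/null | head -n 1
}

# Succeed when the given version sorts before the patched release.
needs_update() {
  local v="$1"
  [ -n "$v" ] && [ "$v" != "$FIXED_VERSION" ] &&
    [ "$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n 1)" = "$v" ]
}

if [ "$#" -ge 1 ]; then          # usage: triage.sh /path/to/public_html [since-date]
  v="$(bricks_version "$1")"
  echo "Bricks version: ${v:-not found}"
  if needs_update "$v"; then echo "Older than $FIXED_VERSION: update now"; fi
  echo "Non-core PHP files in the web root:"; unexpected_root_php "$1"
  echo "PHP files changed since ${2:-2024-02-07}:"; php_changed_since "$1" "${2:-2024-02-07}"
fi
```

A core file such as wp-config.php will not appear in the first list even if it was injected, so look for it in the changed-since list. New user accounts live in the database and have to be reviewed separately, for example with WP-CLI's `wp user list`.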

Are you surprised your site got hacked? Every website is vulnerable to getting hacked. Attackers are not targeting “you” or “your business”, just your unsecured website code, since it is an easy target.

What to do if your website got hacked from the Bricks vulnerability

You need to do 2 things when your website gets hacked.

  1. Clean up the infection
  2. Secure your site so it doesn’t happen again.

Cleaning a site infected with malware means removing all instances of infected code. The quickest approach is to move all of the code in your public_html directory and restore a backup taken before the site was infected.


Unfortunately, this is not always an option. If you don’t have backups, don’t have a recent clean backup, or your site has changed significantly since your last backup, then this approach won’t work.

The alternative can be a tedious manual process of scanning and cleaning files.

Is just cleaning an infected site enough?

Just restoring a backup and updating the Bricks theme is not enough. If your site is properly secured, then the odds of getting hacked in the first place are much smaller.

You want to be – NEED to be – proactive when it comes to website security and protect your website from getting infected with malware.

What did Bricks do wrong?

Bricks should get no backlash from this event.  On Feb 7 2024 a leading WordPress security expert informed the Bricks team about the RCE vulnerability. The Bricks team immediately addressed the issue and released a security patch, version 1.9.6.1, on February 8th. They strongly urged all users to update their sites within 24 hours.

They reacted quickly and communicated with their user base. Bugs and vulnerabilities are simply part of the nature of any type of software. It’s the software user’s responsibility to be proactive in securing their application, keeping regular backups and keeping code updated.

How to prevent your WordPress site from getting hacked

  1. Keep your core, themes and plugins updated all of the time.
  2. Harden your WordPress installation to protect it.
  3. Install and configure security plugins and firewall.

If you need a WordPress malware removal service to clean and secure your site, get in touch. Hiring a WordPress security expert to clean and secure your website, and then manage your site on an ongoing basis, can save you time, money and frustration.
