The WP File Manager hack has effected 1.4 million sites and counting. We’ve put together a plan for dealing with this hack, and we’d like to let you know what’s going on.
Almost none of the websites on our maintenance plans were effected by the hack, so it’s clear that our normal security precautions are working. The only sites on maintenance that have been effected are sites where clients have requested to have our regular password strength requirements turned off. As a result, we will no longer allow this for any sites that we maintain. We have automatically reset all passwords to randomly generated strings, so users will have to update their passwords on sign-in. All passwords must:
- Include numbers, capitals, and special characters (@, #, *, etc.)
- Be long (10 characters – minimum; 50 characters – ideal)
We have had many other web design agencies reach out to us for help with this hack and received a steady intake of new clients asking for help as well. We are processing hundreds of sites right now, so please be patient as we address yours.
To read more, check out the WordFence article here.