[Nathanael Jones]

Yep - yours is updated.

[Dave Willis]

My site sorted thanks Nat, Letshost emailed to say there was nothing wrong with it today ............. and if they were to restore it would cost fifty euros! Which is odd as it's their security that lets it get hacked surely?

[Nathanael Jones]

Did they mention changing passwords etc and updating security?

[Smurf]

@Dave they will say that as you have left the site created in wordpress unpatched which is nothing to do with them.

Worst case scenario for all you know the site when hacked could have been loaded with a trojan which tries to infect other devices that visit the site and/or they try to steal your identity with key loggers etc.

Nat, a site may look ok but how do you know for sure there is no malice code been left there?

 

[Nathanael Jones]

You can check the "Revisions" feature of your pages and posts to see if anything was added in the last few days that wasn't added by you - if it was, roll back to an earlier revision.

To be clear though - this only affected Wordpress 4.7 and 4.7.1 - older releases were safe, and 4.7.2 is now secure again.

https://wptavern.com/wordpress-rest-api-vulnerability-is-being-actively-exploited-hundreds-of-thousands-of-sites-defaced

[Smurf]

I suppose a sure fire way to find out is when google blacklist your site. Then the real fun begins lol

[Dave Willis]

Did they mention changing passwords etc and updating security?

They didn't mention anything other than the fifty euros. I guess by the time they checked you had restored it for me. To be honest I'd have let the site go for the fifty euro charge.