We’ve noticed several WordPress web sites that have been hacked through a vulnerability in the plugin “WP GDPR Compliance“.
This plugin has become very popular since the new release of the GDPR (General Data Protection Regulation) law from Europe.
The attackers gain write access to the database through a privilege escalation vulnerability, in versions up to 1.4.2. This was already fixed in version 1.4.3, so we encourage averybody to update your plugin immediately if you have not yet done it.
The symptom of this infection is that your WordPress “siteurl” has been changed by the attacker, so your web site gets redirected to another web site domain.
As the “siteurl” has been changed into the database options table, the web site owner cannot even login, because the login form redirects to the new changed domain.
A simple solution is to open phpMyAdmin (or your any other database editor), go to the options table and restore the “siteurl” and “home” fields to your own site url domain. Then login to your site, update the plugin and clear the cache, in case you have any cache system in place like WP Rocket (the one we use; follow the link to purchase our WordPress Speed Package), WP Fastest Cache, WP Super Cache, W3 Total Cache or any other…
You also have to delete a malicious fil