RankMath has vulnerability causing Elementor Pages to be injected with Malware

#41384
  • Resolved Glenton Samuels
    Rank Math free

    I noticed that some of my Elementor created pages were being automatically redirected to external spam sites. After going through a thorough process of elimination in a Private browser, I narrowed it down to Rank Math and Elementor.

    What I discovered is that any Elementor page that I optimized with Rank Math resulted in those Elementor pages being vulnerable.

    Once I deactivated Rank Math, the redirections stopped.

    Be sure to test it in private browsing. In standard browsing, once the redirection is cached by the browser, it keeps doing it even when you restart the browser. Obviously, private browsing doesn’t have that issue as it clears everything once you restart it.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Todd
    Rank Math free

    Hello,

    Thank you for contacting Rank Math and sorry for any inconvenience that might have been caused due to that.

    It is really unfortunate that we missed adding a security check in a recent Gutenberg-related update in 2 places, despite it being added to all of the remaining 9 places already. We take full responsibility for this mishap and are incredibly apologetic about the loss of reputation that it cost your business. We have already put checks into place to ensure this never happens again.

    We acted swiftly, even though it was a weekend, and released an update immediately fixing the issues, without anyone getting exploited, to the best of our knowledge, with your exception.

    The very next thing we did was to email everyone (which we don’t do for regular updates) requesting them to update immediately, and we made an announcement on our social media accounts as well.
    The security researcher who informed us about the vulnerability tweeted about our responsiveness:
    https://twitter.com/ramuelgall/status/1245011512751558657

    That being said, this has only acted as a wakeup call and made us even more cautious than we were and we will continue to do everything in our power to ensure that this doesn’t happen.

    Also, to avoid having to update the plugin manually in the future, one can take advantage of the auto-update feature of Rank Math:
    https://rankmath.com/kb/version-control/#auto-update

    This will ensure you are always using the latest and most stable version of Rank Math without having to manually log in and update your plugin.

    Please stay advised that the affected version was 1.0.40.2 and the latest build is 1.0.41.2, which is 3 versions higher (excluding beta releases).

    That being said, what you are facing now can be resolved easily, IF Rank Math is the reason. Keep Rank Math disabled and follow these steps:
    0. Take a complete backup of your site
    https://wordpress.org/support/article/wordpress-backups/

    1. Update all your plugins and themes to the latest version.

    1.1 Optionally, opt for an auto-update by following this tutorial:
    https://rankmath.com/kb/version-control/#auto-update

    2. Update WordPress to the latest version and reinstall it.

    3. Please enable the Rank Math plugin and, if you have Rank Math’s redirection module active, re-check that all the redirections are correct here:
    (screenshot: Rank Math redirections)
    If not, then please delete the ones you do not recognize.

    3.1 Please make sure there are no unauthorized users registered on your website.
    /wp-admin/users.php
    (screenshot: WordPress users admin)

    3.2 Check the menu items and the links inside them and remove any unwanted links:
    (screenshot: WordPress menu items)

    4. Install a malware scanner like Sucuri or Wordfence and run a scan to check if there are any suspicious files on your server. If you find any, remove them all.

    5. Follow these setup tutorials to confirm if the settings are correct:
    https://youtu.be/dTvZuMRzW4w
    and
    https://www.wpmediamastery.com/rank-math-seo/?utm_campaign=Rank+Math

    6. Optional: We would recommend using Cloudflare if you are not already.

    7. If that doesn’t help, your site could be hacked due to one of the plugins listed here:
    https://www.webarxsecurity.com/wordpress-vulnerability-news-march-2020/

    8. In that case, please ask your hosting to run a malware scanner and remove any unwanted files from the server. Change the password of all the users on your website. Change the salt keys on your website. Finally, follow these security measures:
    https://mythemeshop.com/blog/wordpress-security-tips/

    Again, we are sorry that this happened and we are confident that this will not happen in the future.

    We are here to help. Thank you.
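    Steps 3 and 3.1 above ask you to look for redirections and administrator accounts you do not recognize. The following script is an added example (not Rank Math’s own code) that does that review over an export you make yourself: it flags every redirection whose destination leaves the site and every administrator login that is not on your known list. The redirection field names (sources, url_to, header_code) are assumed to mirror Rank Math’s redirections table, the user rows are assumed to be in the shape of `wp user list --fields=user_login,roles,user_registered --format=json`, and the sample rows below are constructed for illustration.

```python
"""Audit exported Rank Math redirections and WordPress users for the
injected spam redirects described in this thread.

Added example, not Rank Math's or WordPress's own code. Field names and
sample rows are assumptions; adjust them to match your own export.
"""
from urllib.parse import urlparse

SITE_HOST = "example.com"  # the site being audited (constructed value)

# Constructed sample rows. The keys are assumed to mirror what Rank Math's
# redirections table stores (sources, url_to, header_code).
SAMPLE_REDIRECTS = [
    {"id": 1, "sources": ["old-pricing"], "url_to": "https://example.com/pricing", "header_code": 301},
    {"id": 2, "sources": ["blog/2019/launch"], "url_to": "/blog/launch", "header_code": 301},
    {"id": 3, "sources": ["services"], "url_to": "http://robot-verify.invalid/check", "header_code": 302},
    {"id": 4, "sources": ["contact"], "url_to": "//cdn-spam.invalid/go", "header_code": 301},
    {"id": 5, "sources": ["docs"], "url_to": "https://docs.example.com/", "header_code": 301},
]

# Constructed sample in the assumed shape of
# `wp user list --fields=user_login,roles,user_registered --format=json`.
SAMPLE_USERS = [
    {"user_login": "glenton", "roles": "administrator", "user_registered": "2018-02-01 10:00:00"},
    {"user_login": "editor_jane", "roles": "editor", "user_registered": "2019-05-12 08:30:00"},
    {"user_login": "wp_support_tmp", "roles": "administrator", "user_registered": "2020-03-28 03:14:07"},
]


def is_same_site(url_to: str, site_host: str) -> bool:
    """True if the destination stays on the site: a relative path, or an
    http(s) URL whose host is the site or one of its subdomains."""
    parsed = urlparse(url_to.strip())
    if not parsed.netloc:
        # Relative destinations such as "/blog/launch" are internal. A
        # destination with a non-http scheme and no host is not a normal
        # page redirect, so it is reported for review as well.
        return parsed.scheme in ("", "http", "https")
    host = (parsed.hostname or "").lower()
    site_host = site_host.lower()
    return host == site_host or host.endswith("." + site_host)


def suspicious_redirects(rows, site_host):
    """Return the redirection rows whose destination leaves the site.
    These are the ones to compare against what you remember adding."""
    return [row for row in rows if not is_same_site(row["url_to"], site_host)]


def unexpected_admins(users, known_admin_logins):
    """Return administrator logins that are not in the set you recognise."""
    return sorted(
        u["user_login"]
        for u in users
        if "administrator" in u["roles"].split(",") and u["user_login"] not in known_admin_logins
    )


if __name__ == "__main__":
    for row in suspicious_redirects(SAMPLE_REDIRECTS, SITE_HOST):
        print(f"review redirect #{row['id']}: {row['sources']} -> {row['url_to']} ({row['header_code']})")
    for login in unexpected_admins(SAMPLE_USERS, {"glenton"}):
        print(f"review administrator account: {login}")
```

    Protocol-relative destinations (`//host/path`) are treated as external on purpose, since the browser resolves them to another host just like an absolute URL. Anything the script lists still needs a human decision: a redirect to a partner domain may be legitimate, so remove only what you did not add.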

    This is a huge issue for me. I have had over 6000 links created from my site to referrer sites and Google has indexed them all and demoted my real rankings.

    I have a lot of domains using Rank Math and this is less than ideal. If I have to go and do the process above for each domain, I am going to be busy for a week fixing your mistake on my websites and losing revenue too.

    I am completely unsatisfied with this.

    CGS Investments LLC
    Rank Math business

    I never got an email… and my email address is correct in my profile – and it’s not in a spam folder.

    Hello @garethvanrensburg1

    You must’ve received the email on 26th notifying about this issue.

    The researcher published the exploit on 31st. They gave a window for everyone to update.

    Social media announcement links:
    https://twitter.com/rankmathseo/status/1243192574212366339
    https://www.facebook.com/RankMath/posts/1163295370668383
    https://www.facebook.com/groups/rankmathseopluginwordpress/permalink/573233856882278/
    https://rankmath.com/changelog/

    An update was released a week before the announcement was made on WordFence’s blog.

    We have always been open to how we are working and if we find any issues in the plugin. The email was sent on 26th and the statement by the researcher was released on 31st. We emailed everyone on 26th to update and since then released more updates to make things more secure.

    Furthermore, we are getting the entire plugin reviewed by a few security researchers to strengthen the plugin further.

    We have an option in the plugin to help users auto-update the plugin and we have always recommended turning that on:
    https://rankmath.com/kb/version-control/#auto-update

    Hope that helps and if there’s any feedback, please feel free to let us know.

    Again, we can’t be more sorry that this mishap happened.

    Hello @cgsinvestmentsllc

    That is because you are not subscribed to the mailing list. Please subscribe from here:
    https://rankmath.com/communication-preferences/
    (screenshot: email communication preferences)

    Thank you.

    CGS Investments LLC
    Rank Math business

    First of all, I’m not concerned with the fact that you had a vulnerability – it happens and I completely understand that and I’m happy with the fact that you addressed it so quickly.

    But are you telling me that I have to subscribe to marketing emails in order to get actual security notifications? Email marketing rules don’t require that type of permission to send out security notifications.

    Kevin Bogaard
    Rank Math free

    It’s not just with Elementor. Getting the same problem without Elementor.

    Michael Davis
    Rank Math pro

    Hello @cgsinvestmentsllc,

    Thanks for the reply.

    We let consumers/customers control the content that we send them and this is the reason we give users an opt-in option for update email notification.


    @kevinbogaard, we are sorry for the inconvenience caused by this vulnerability. This is something that relates to a previous Rank Math update which has since been fixed. Please perform the steps that we described above and let us know if we can offer additional help.

    Thank you.

    Kevin Bogaard
    Rank Math free

    I’ve updated the plugin, I’m still getting this bullshit. I’ll deactivate Rankmath everywhere until there is a proper fix.

    Michael Davis
    Rank Math pro

    Hi Kevin,

    Apologies for the inconvenience.

    We would be happy to help with fixing this. Please open a new ticket to be able to share your website credentials and FTP access privately so that we can help further.

    We are looking forward to helping you. Thank you.

    Ajmal
    Rank Math free

    Hi,

    Have the same problem here; it redirects one of my client’s website pages to a spam page (robot verify page).

    When I remove the Rank Math plugin, the problem is gone. Then, before I reinstalled the plugin, I installed Wordfence. It’s still the same.

    Then I solved it by deleting the Rank Math redirect page.

    • This reply was modified 4 years ago by Ajmal. Reason: typo
    Todd
    Rank Math free

    Hi Ajmal,

    We are so sorry.

    Just head over to WordPress Dashboard > Rank Math > Redirections
    (after enabling Redirection module)

    Then, delete all the redirections you don’t remember adding. That will do the trick.

    Hope that helps and please do not hesitate to let us know if you need our assistance with anything else.
