Sucuri has published a report on a new malware campaign targeting WordPress websites. The original report went up on Friday, September 18th, and it already showed thousands of websites being exploited.
We detected thousands of sites compromised with this malware just today and 95% of them are using WordPress. We do not have a specific entry point determined yet, but it seems to be a campaign targeting the latest vulnerabilities in plugins. Out of all the sites we detected to be compromised, 17% of them already got blacklisted by Google and other popular blacklists.
Keeping your scripts up to date has always been essential for any webmaster. Security holes get found and patched all the time on the interwebs, and you want to make sure all of your scripts are always patched and updated. WordPress is probably one of the most commonly used scripts, and unfortunately one of the most commonly exploited. Make sure you’ve updated to the latest WP version, along with the latest version of your theme and all plugins.
If you’re not already using a malware plugin, I highly recommend the Anti-Malware by ELI and Sucuri Security plugins. You can also run the online Security/Malware Scanner by Sucuri if you don’t feel like installing the plugins.