Are WordPress Sites Facing Malware Attacks?

A cyber security company Internet Assure warns that third-party plugins on websites that use WordPress content management system are creating multiple opportunities for hackers.

Quoting a ZDNET article, the company says that at least 100,000 self-hosted WordPress websites have been potentially compromised by malware over the past couple of weeks due to a plugin that many developers may not even realize is installed.

According to the ZDNET article, Google has blacklisted over 11,000 domains after a malware campaign, dubbed SoakSoak, compromised more than 100,000 websites using the WordPress content management system.

[ Also Read: North Korea Threatens U.S. in Sony Hack Case. “Grave Consequences” ]

“Wordpress is extremely powerful, and while the popularity creates a lot of opportunities for development, it also attracts hackers. There are thousands of extremely popular plugins that create vulnerabilities within these sites, and quite frankly, most WordPress self-hosted websites are set up without any thought to security,” said Tony Baker, director at Internet Assure.

Internet Assure says it is working to help website owners not only recover but to implement a system that speeds up services and helps prevent and recover from future attacks.

[ Also Read: Beware, Hackers Can Now Steal Your Fingerprints ]

“While there are a variety of WordPress security plugins available, most people have no idea how to use them properly. Likewise, most backup plugins are either ignored or set to backup on the very server that may have been compromised,” said Baker.

Internet Assure says it provides its service with the help of programmers who work to upload and configure a variety of custom settings and popular security plugins that will help secure, track changes, monitor files, and backup new and existing WordPress sites.

This is especially important with WordPress E-Commerce stores that require SSL security and shopping carts such as WooCommerce, says the company.