Malware in WordPress Sites
A malware confused as a WordPress plug-in for sites
A malware that was mistaken as a WordPress plugin is very alarming, especially to those website owners. Plug-ins are very useful in building a website, but unfortunately, there are already some that are considered as malicious software. Do you own a website? If so, consult a trained techinician or web developer to assist you regarding data and web security. Crawley Computer Centre is of service to you.
Video of Malware as WordPress plug-in
New Russian Malware Impacts 100,000 WordPress Sites
Google blacklisted more than 10,000 domains compromised with a piece of malware dubbed SoakSoak, according to virus researchers.
Up to 100,000 WordPress sites may be vulnerable to the malicious campaign, Sucuri said. Any version of WordPress that uses a popular slideshow plugin called “Slider Revolution” or RevSlider can fall victim to SoakSoak.
In September, researchers discovered a zero-day vulnerability in the plugin that allows an attacker to download any file from the site’s server, including database credentials, and compromise the website via the database. The problem lies in the way the plugin is wrapped into theme packages. When it becomes part of a theme, RevSlider’s automatic update mechanism is usually disabled and manual updates need to be performed in a process prone to error.
Source: Alexandra Gheorghe
Image Source: Phil Oakley