Thousands of WordPress websites hit in new malware attack, here’s what we know
Posted by:
John Harrison
Security researchers have uncovered over 5,000 websites harboring a malicious code that installs a plugin designed to steal login information and sensitive data. The malware, discovered in WordPress websites, generates an unauthorized admin account with login details embedded in the code. It then proceeds to download and execute a suspicious WordPress plugin to extract critical data and admin credentials to a remote server. While the exact source of the malicious code remains unknown, experts recommend measures such as blocking specific domains, auditing admin accounts, removing suspicious plugins, enhancing CSRF safeguards, and implementing multi-factor authentication to defend against potential attacks. With WordPress being a prime target for cyber threats, it is vital to only use plugins and themes from trusted sources with active support. Regularly updating plugins and themes, uninstalling unused ones, and maintaining strict security measures are essential for safeguarding websites against malicious activities. Stay informed and stay protected.
Recent Posts1
