According to a Forbes report, published in December, 2014, WordPress is now the most popular web page development and CMS system on the internet. WordPress is an open source system, available free, that makes creating a blog or webpage relatively simple. The system provides creation tools and a growing number of plug-ins that enable businesses to operate state of the art websites. There are at least 60 million websites created with WordPress. That is one in every six websites in the world.
Because the code for the software and the plug-ins are open source and because the program is so popular, the makers of malware have found it a valuable target. In particular, hackers have targeted the system of plug-ins that accompany the main program. According to Matt Johnson of the Threat Research Center for Threat Research Center for WhiteHat Security, plug-ins are “inherently more insecure and harder to keep up to date as opposed to WordPress core.” One particular plug-in called “RevSlider” seems to be particularly vulnerable to infection.
Keeping WordPress sites up-to-date is the best protection against malware.
- Ensure that the plug-ins used are all legal. Plug-ins downloaded from free sites can contain malware.
- Maintain the plug-ins. Use only the most recent versions.
- Make sure to back-up sites in a healthy state. If a site becomes infected, the best course may be to take the whole site down and re-install the back-up.