According to a Forbes report, published in December, 2014, WordPress is now the most popular web page development and CMS system on the internet. WordPress is an open source system, available free, that makes creating a blog or webpage relatively simple. The system provides creation tools and a growing number of plug-ins that enable businesses to operate state of the art websites. There are at least 60 million websites created with WordPress. That is one in every six websites in the world.

Because the code for the software and the plug-ins are open source and because the program is so popular, the makers of malware have found it a valuable target. In particular, hackers have targeted the system of plug-ins that accompany the main program. According to Matt Johnson of the Threat Research Center for Threat Research Center for WhiteHat Security, plug-ins are “inherently more insecure and harder to keep up to date as opposed to WordPress core.” One particular plug-in called “RevSlider” seems to be particularly vulnerable to infection.

Recently, a piece of malware called “SoakSoak” became the latest malware menace to take advantage of these vulnerabilities. SoakSoak scans for websites with older editions of RevSlider, then changes its JavaScript swfobject.js file. This disrupts website functioning by directing users to a SoakSoak domain. The malware infects the website host and any user that enters the infected website. It is difficult to remove. As of mid-December, 2014, the circle of infection has now spread to over 100 thousand websites. In an attempt to curb the spread of infection, the Google search engine has recently blacklisted affected WordPress domains to keep users from finding those sites. This could mean serious losses for thousands of companies depending on their websites. If there is a concern about Google exclusion, experts advise that users check with the Google advice page to find out how to get off the blacklist.

Keeping WordPress sites up-to-date is the best protection against malware.

  • Ensure that the plug-ins used are all legal. Plug-ins downloaded from free sites can contain malware.
  • Maintain the plug-ins. Use only the most recent versions.
  • Make sure to back-up sites in a healthy state. If a site becomes infected, the best course may be to take the whole site down and re-install the back-up.

WP Support HQ offers programs of full WordPress support and backup. We take care of all the steps you need to keep your website running safely. If you are using WordPresscontact us.