
A new malware attack is targeting WordPress websites by disguising itself as a security plugin, giving hackers full control over compromised sites.
Thousands of WordPress websites are at risk after a malware campaign was discovered which uses fake security plugins to hijack admin access. These plugins appear, at first glance, to be legitimate and promise enhanced website security, tricking users into installing them. However, once installed, the plugin gives hackers full administrative control. This allows the attackers to run malicious code and embed harmful content into the site for their own gain.
With over 810 million WordPress websites online, it makes sense for threat actors to target such a large audience. With so many websites at risk, we decided to take a closer look at this alarming threat so that we could help you keep your own website safe.
WordPress Security Plugin Turns Rogue
The attack is part of a growing trend where cybercriminals exploit trust in popular platforms like WordPress to spread malware through plugins, themes, and outdated software. The malware not only affects site functionality but can also steal user data, serve malicious ads, and damage the website’s reputation and its search engine ranking.
Cybersecurity researchers have found that the malicious plugin is being uploaded directly to WordPress installations. This file disguises itself as a genuine security feature in order to deceive victims. However, once installed, it quietly opens a backdoor which grants the attackers full administrative access to the site.
Unfortunately for the internet, hackers are as innovative as they are deceptive, and the malware showcased in this attack uses several techniques to avoid detection. Firstly, it hides itself from the WordPress dashboard, so website admins don’t see it listed alongside any other plugins they use. It also modifies key files in the website setup to make sure that the malware is reinstalled even if a legitimate admin manages to delete it.
The malware has been observed to carry out a number of malicious actions once activated. JavaScript ads and spam obtained from similarly compromised websites are delivered to affected websites, with the focus clearly on generating advertising revenue through click fraud. And with 810 million WordPress websites at risk of being compromised, this could prove to be highly lucrative for the threat actors behind the attack.
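The two evasion behaviours described above (hiding from the plugin list and tampering with core files) leave traces on disk that an admin can check for without trusting the dashboard. This added example, which is not code from the article or from any security vendor, is a heuristic scanner over a wp-content/plugins tree: it flags plugins that hook the real WordPress `all_plugins` filter (the one that shapes the Plugins screen), that reference wp-config.php, or that decode and eval payloads, and it compares the plugin folders on disk with the list the dashboard (or `wp plugin list`) reports. The plugin slugs, file contents and dashboard list are constructed fixtures.

```python
# Added example (not the article's code): heuristic scan of a WordPress
# wp-content/plugins tree for the evasion behaviours described above.
import re
import tempfile
from pathlib import Path

# 'all_plugins' is the real WordPress filter that shapes the Plugins screen;
# legitimate plugins almost never touch it. wp-config.php is the site's core
# config file, a common target for persistence edits. These are heuristics,
# so every hit needs a human look, not an automatic delete.
INDICATORS = {
    "filters_plugin_list": re.compile(r"add_filter\(\s*['\"]all_plugins['\"]"),
    "references_wp_config": re.compile(r"wp-config\.php"),
    "writes_files": re.compile(r"\b(file_put_contents|fwrite|rename)\s*\("),
    "decodes_and_evals": re.compile(r"\b(eval|base64_decode|gzinflate)\s*\("),
}

def scan_plugins_dir(plugins_dir: Path) -> dict:
    """Map plugin slug -> set of indicator names found in any of its PHP files."""
    findings = {}
    for php in plugins_dir.rglob("*.php"):
        slug = php.relative_to(plugins_dir).parts[0]
        text = php.read_text(errors="ignore")
        hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
        if hits:
            findings.setdefault(slug, set()).update(hits)
    return findings

def unlisted_plugins(plugins_dir: Path, dashboard_slugs) -> set:
    """Slugs present on disk but absent from what the dashboard reports
    (e.g. the output of `wp plugin list --field=name`): the hiding symptom."""
    on_disk = {p.name for p in plugins_dir.iterdir() if p.is_dir()}
    return on_disk - set(dashboard_slugs)

def build_sample_site() -> Path:
    """Constructed fixture: one benign plugin and one showing the indicators."""
    root = Path(tempfile.mkdtemp()) / "wp-content" / "plugins"
    (root / "hello-dolly").mkdir(parents=True)
    (root / "hello-dolly" / "hello.php").write_text(
        "<?php\n/* Plugin Name: Hello Dolly */\nadd_action('admin_notices', 'hello_dolly');\n")
    (root / "site-guard-pro").mkdir()
    (root / "site-guard-pro" / "site-guard-pro.php").write_text(
        "<?php\n/* Plugin Name: Site Guard Pro */\n"
        "add_filter('all_plugins', 'sgp_filter');  // callback body omitted\n"
        "$cfg = ABSPATH . 'wp-config.php';\n"
        "eval(base64_decode($payload));\n")
    return root

if __name__ == "__main__":
    plugins = build_sample_site()
    print(scan_plugins_dir(plugins))                    # flags site-guard-pro only
    print(unlisted_plugins(plugins, ["hello-dolly"]))   # {'site-guard-pro'}
```

On a real site, point `scan_plugins_dir` at the live plugins directory and feed `unlisted_plugins` the slugs the dashboard shows; any folder that exists on disk but never appears in the admin UI deserves immediate attention.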
How Can You Protect Your WordPress Site?
Attacks such as this demonstrate the importance of practicing good security habits when managing a website. With reputational and financial damage a very real risk – especially if you rely on your website for revenue – it’s crucial that you follow our three top tips for protecting your WordPress site:
- Only Use Trusted Plugins: Only download plugins and themes from the official WordPress plugin repository or from developers with a proven reputation for safety. Avoid installing plugins shared in forums, online marketplaces, or downloaded from websites that lack credibility.
- Keep Everything Updated: Regularly update your WordPress core, themes, and plugins. Hackers will often exploit known vulnerabilities in outdated software, so make sure you don’t make their job easy. Set reminders or enable automatic updates where possible.
- Use Strong Security Tools: Install a reliable WordPress security tool, such as Cloudflare, Wordfence, or SolidWP, that includes malware scanning, firewall protection, and brute force attack prevention. Also, enable multi-factor authentication for all administrator accounts to reduce the risk of unauthorized access.
For more ways to secure and optimize your business technology, contact your local IT professionals.