There are a couple things about that article that need to be raised.
1. The article does not take the extra step to identify what plugins or conditions are responsible.
What that means is that the author is simply collecting evidence of random infections, which does NOT help you or anyone.
What is important is to find the vector of infection, the cause. This article is not concerned with that. It's like saying, OMG fifty cars have a flat tire. So what?
The article is essentially useless because it does not tell you what's wrong. It might not even be WordPress, it could be sites using EOL versions of PHP.
2. 15,000 sites is really not a big deal. You know how many 15k vulnerabilities there are? About a dozen pop up pretty much every day. It's like, wow man... yawn. That was literally my response the first time I saw that article.
Here's a bigger deal. There are five plugins for WooCommerce that have over 135,000 vulnerabilities.
[searchenginejournal.com...]