As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins – which creates diverse directories. While this is useful to the WordPress community, the nature of mass creation can account for coding errors and vulnerabilities. Even premium themes have security issues. We often find code […]
Tag Archives: WordPress Security
Cloned Spam Sites in Subdirectories
In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding a complete WordPress CMS installation into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products – a very bold move. This time around, […]
New XM1RPC SEO Spam and Backdoor Campaign
We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1RPC campaign due to the common backdoor used across all of the compromised sites. The file is named in such a way as to confuse WordPress administrators who are familiar with XML-RPC. […]
Learning From Buggy WordPress Wp-login Malware
When a site gets hacked, the attack doesn’t end with the malicious payload or spam content. Hackers know that most website administrators will clean up the infection and look no further. Many go on to patch vulnerable software, change their passwords, and perform other post-hack steps. All of this is good, but hackers who follow […]
Malicious WordPress Subdirectory Installs For SEO Spam
Remediating over 500 infected sites per day, we see attacks executed at varying levels of complexity. The tactics attackers use to compromise a site provide insight into their motives. Some write elegant code and cover their trails carefully, while others create simple attacks that can be applied broadly but aren’t well concealed. Spammers never cease […]
WordPress Hack Modifies Core Files to Share Spam
One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even website owners with the best intentions can lose control of their website. When hackers gain access to your site, they can use it to host phishing content, distribute malware, steal… […]
Hacked Website Report – 2016/Q2
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights and analysis performed by our Incident Response Team (IRT) and Malware Research Team (MRT). CMS Analysis Our analysis consisted of over 9,000 infected websites. The graphs below show a side-by-side… […]
Hacking WordPress Sites on Shared Servers
A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites that share the same server permissions. This is called cross-site contamination. When it comes to WordPress websites, the core structure is well known by… […]
New Guide on How to Fix Hacked WordPress Sites
Our involvement in WordPress security has always been a core part of our mission here at Sucuri. We have teams who actively lend advice on WordPress support forums to hacked webmasters. We’ve taken a leadership role by creating sections of the official WordPress Codex relevant to security. Our company has attended over 75 WordCamps and… […]
Cleaning the Wp-Page Pharma Hack in WordPress
Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceutical advertisements to visitors. Symptoms of a pharma hack include embedded links and anchor text on pages or modified listings in Search Engine Results Pages (SERPs). These attacks most often target search engines like Google… […]
