A number of web security companies have recently reported a dramatic increase in attacks on WordPress sites. Approximately 30,000 sites have been infected at last count, with most being based in the U.S.
The goal of the attacks seems to be to distribute rogue antivirus software. According to web security company Websense, “The injection hijacks visitors to the compromised sites and redirects them to rogue AV sites that attempt to trick them into downloading and installing a Trojan onto their computer.”
Internet security firm Sucuri has stated that in each case they have analyzed, the site was either running an outdated version of WordPress or a vulnerable plugin.
This should serve as a good reminder to keep your WordPress software and plugins updated. The attackers were also said to be gaining entrance to sites via weak passwords, so let that be a reminder as well.
If you would like to test your site for hacks and malware, Sucuri has an easy to use site-checker.
Featured Plugin - WordPress Wiki Plugin
Photo: Other Danger Sign from BigStock