No announcement yet.

Wordpress Malware

  • Filter
  • Time
  • Show
Clear All
new posts

  • Wordpress Malware

    Posted on 12/15/14, the news items reads: "About 100,000 or more websites running the WordPress content management system have been compromised by mysterious malware that turns the infected sites into attack platforms that can target visitors, security researchers said."

    I found malware on one of my Wordpress sites by using the website checker at and then loaded the plugin Wordfence and scanned. My infection appeared to be in the footer files for each theme but I did not have the slider mentioned in some articles.

    Using the free plugin, I also watched as a site in China and one in Russia attempted to access some non-existent files on my site. I added blocks to who blocks of IP addresses at the present time, until this gets shut down.

    If you are running ANY version of Wordpress, I suggest you get to work checking them now!

  • #2
    It is very important to keep your Wordpress install updated and also only use themes/plugins from trusted sources. NEVER ever use a "free" version of a paid theme. They are hacked versions and will contain malware. Another good tip is to enable the "jail host" option in your control panel. This means that if you do get hacked, the other sites on your account should remain safe.


    • #3
      Mine passed Thanks for the heads up and link Mark..


      • #4
        Thanks for the Link Mark!! - bookmarked for MY toolkit.


        • #5

          clivejo has explained everything.

          If you get infected the Outgoing Connection Manager, ModSecurity and Jail Host option can help you a lot though.

          As for the sucuri service - it is good, although expensive.

          Basically what they do is:

          but they have it scripted.

          Best Regards,


          • #6
            My site passed as well!


            • #7
              thanks god, all my sites are safe.

              btw, I would recommend to use DNS firewall from cloudflare, which set another barrier in dns part to help you fight the malicious attack.