Last year, a virus was found infecting 10,890 sites by redirecting them to fake sites, with an aim to generate AdSense revenue. The same virus has made a return this year, infecting over 2,600+ sites already.



To avoid getting infected by the virus, it is recommended to patch all software and secure wp-admin panels. Ben Martin from Sucuri reports that the virus has targeted over 10,890 websites since September 2022.
Additionally, approximately 70 malicious sites have emerged, posing as URL shorteners, leading to a recent increase in virus activity. As of now, almost 2,600+ sites have been infected in 2023 alone.

To stay protected, users should ensure all access points such as admin credentials, FTP accounts, cPanel, and hosting have reset passwords. It's essential to remain vigilant and prioritize website security.

Sucuri cybersecurity researchers discovered that an unknown variant of malware has infected thousands of WordPress sites, redirecting visitors to another site to load ads on the Google Ads platform for profit. The malware has affected approximately 11,000 WordPress-based sites.

Although WordPress is generally considered a secure hosting platform, it has numerous plugins with potential vulnerabilities. Researchers suggest that the malware creators may have exploited known, unpatched flaws. The malware's principle is simple - redirect people to a Q&A site to view fraudulent ads.

In comparison to a similar campaign last year, attackers in this campaign have made significant efforts to hide their malware and make it more resistant. To avoid being infected, Sucuri recommends keeping sites and plugins up-to-date and securing the wp-admin panel with multi-factor authentication and strong passwords. Those already infected should reset passwords for all access points and place the site behind a firewall.

WordPress sites are a common target for cyberattacks due to their popularity and the large number of websites running on the WordPress platform. Attackers often exploit vulnerabilities in outdated themes, plugins, or core WordPress files to gain unauthorized access, inject malicious code, or redirect users to fake or harmful websites.

Some common types of attacks targeting WordPress sites include:

1. Brute Force Attacks: In this type of attack, hackers attempt to guess the website's admin username and password by systematically trying various combinations.
 
2. Malware Infections: Attackers can inject malicious code into vulnerable WordPress files, themes, or plugins, which then infect the site and compromise its security.

3. Distributed Denial of Service (DDoS): Attackers overwhelm a website's server with an excessive amount of traffic, causing the site to crash or become inaccessible to legitimate users.

4. SQL Injection: This is a technique where attackers exploit vulnerabilities in the website's database to execute unauthorized SQL queries, potentially gaining access to sensitive information or modifying data.

To protect WordPress sites from such attacks, it's crucial to follow security best practices:

1. Keep WordPress and all associated themes and plugins updated to the latest versions, as updates often include security patches.

2. Use strong, unique passwords for all user accounts, including the admin account.

3. Install a reputable security plugin that offers features like firewall protection, malware scanning, and login lockdown.

4. Regularly backup your website's content and database to ensure you have a restore point in case of an attack or data loss.

5. Remove any unnecessary themes or plugins from your WordPress installation.

6. Limit access to sensitive areas, such as the wp-admin panel, by restricting IP addresses or implementing two-factor authentication.

7. Monitor your website's traffic and server logs for any suspicious activity.

8. Use a secure hosting environment: Choose a reputable hosting provider that prioritizes security measures, such as regular server updates, strict access controls, and malware scanning.

9. Implement SSL/TLS encryption: Enable HTTPS on your WordPress site to encrypt communication between the server and users, ensuring data integrity and preventing eavesdropping.

10. Limit login attempts: Install a plugin or use security features that restrict the number of failed login attempts from a single IP address, reducing the risk of brute force attacks.

11. Disable file editing: Modify the WordPress configuration file to disable the ability to edit theme and plugin files from the wp-admin panel, making it harder for attackers to inject malicious code.

12. Secure the wp-config.php file: Move the wp-config.php file one directory level above the root folder to prevent unauthorized access to sensitive information such as database credentials.

13. Use a reputable theme and plugin sources: Download themes and plugins only from trusted sources, and regularly update them to patch any security vulnerabilities.

14. Implement website monitoring: Utilize services or plugins that constantly monitor your website for security breaches, suspicious activity, or unauthorized changes.

15. Educate users and administrators: Train website owners, administrators, and other users on best security practices, such as creating strong passwords, being cautious of phishing attempts, and regularly updating their devices.

16. Set up a website firewall: Consider implementing a web application firewall (WAF) that can help detect and block malicious traffic before it reaches your WordPress site, providing an additional layer of protection.

17. Enable two-factor authentication (2FA): Require users, especially administrators, to authenticate using a second factor such as a unique code sent to their phone or generated by an authentication app, which adds an extra layer of security to prevent unauthorized access.

18. Regularly scan for malware: Utilize security plugins or online scanning services to regularly scan your WordPress site for malware or suspicious files. Promptly remove any detected threats.

19. Secure file permissions: Set appropriate file permissions on your WordPress files and directories to restrict unauthorized access. Typically, directories should have 755 permissions, and files should have 644 permissions.

20. Disable directory indexing: Prevent directory browsing by disabling directory indexing, as it can potentially expose sensitive files or directories to attackers.

21. Implement security headers: Add security headers to your website's HTTP response, such as Content Security Policy (CSP), Strict Transport Security (HSTS), and X-Frame-Options, to mitigate various types of attacks like cross-site scripting (XSS) and clickjacking.

22. Regularly review and update user accounts: Periodically audit and remove any inactive, unnecessary, or unused user accounts from your WordPress site to minimize potential security risks.

23. Stay informed about WordPress vulnerabilities: Keep yourself updated with the latest security news, vulnerabilities, and patches related to WordPress by following official WordPress resources, security blogs, and forums dedicated to WordPress security.

24. Consider using a trusted security plugin: Deploying a reputable security plugin tailored for WordPress can automate many security measures, provide real-time threat monitoring, and offer additional features for enhanced protection.

25. Have a disaster recovery plan: Prepare a backup and recovery plan to ensure that you can quickly restore your website to its previous state in the event of an attack or any unforeseen issues.


There have been several notable attacks on WordPress sites over the years. Here are some of the most famous ones:

1. Pharma Hacks: This attack involved hackers injecting spam content, typically related to pharmaceutical products, into compromised WordPress sites. The injected content would then be indexed by search engines, leading to an increase in fake pharmacy search results.

2. TimThumb Vulnerability: TimThumb was a widely used image resizing script for WordPress themes. In 2011, a critical vulnerability was discovered in the script, allowing attackers to upload and execute malicious PHP code on affected websites. This vulnerability resulted in a large number of sites being compromised.

3. SoakSoak Malware: In 2014, the SoakSoak malware infected thousands of WordPress websites through a vulnerability in the RevSlider plugin. The malware caused the compromised sites to redirect visitors to malicious websites hosting exploit kits.

4. WP-VCD Malware: The WP-VCD malware campaign targeted vulnerable WordPress sites by infecting them with a backdoor script. This malware allowed attackers to gain unauthorized access to the infected sites and distribute additional malware or perform other malicious activities.

5. Brute Force Attacks: Brute force attacks targeting WordPress sites have been prevalent for years. These attacks involve automated scripts attempting to guess the website's admin username and password by trying various combinations. Brute force attacks can lead to unauthorized access and compromise website security.

6. XML-RPC Attacks: XML-RPC is a remote procedure call protocol used by WordPress for various functionalities, such as pingbacks and remote publishing. However, it has also been exploited by attackers in the past. XML-RPC attacks involved hackers leveraging vulnerabilities in the protocol to carry out brute force attacks or execute malicious code.

7. Malicious Plugin Exploits: Attackers have targeted vulnerable or outdated plugins installed on WordPress sites to gain unauthorized access. By exploiting plugin vulnerabilities, hackers can inject malicious code, steal sensitive information, or take control of the entire website.

8. WordPress RevSlider Plugin Vulnerability: In 2014, a vulnerability in the widely used RevSlider plugin was exploited by attackers leading to a massive number of websites being compromised. The vulnerability allowed remote code execution, enabling attackers to upload and execute arbitrary PHP files on affected sites.

9. WP GDPR Compliance Plugin Vulnerability: In 2018, researchers discovered a vulnerability in the WP GDPR Compliance plugin, which is used to handle General Data Protection Regulation (GDPR) compliance on WordPress sites. The exploit allowed attackers to modify site content, inject malicious scripts, or gain unauthorized administrative access.

10. File Inclusion Exploits: File inclusion vulnerabilities in themes, plugins, or custom code can be abused by attackers to manipulate the file paths and include arbitrary files. This can give them access to sensitive files, execute malicious code, or conduct further attacks on the WordPress site.

11. Distributed Denial of Service (DDoS) Attacks: While DDoS attacks are not specific to WordPress sites, they have been used against them. A DDoS attack floods a website with traffic, overwhelming its resources and causing it to become inaccessible to legitimate users.

12. Malvertising Attacks: Malvertisements are online advertisements that contain hidden malware or redirect users to malicious websites. Hackers have used malvertising campaigns to target WordPress sites by injecting malicious code into ads that appear on compromised websites, exposing visitors to malware.

13. Cross-Site Scripting (XSS) Attacks: XSS attacks involve injecting malicious scripts into trusted websites, which then execute the scripts in the browsers of unsuspecting users. These attacks can lead to session hijacking, data theft, or the injection of malicious content.

14. SQL Injection Attacks: SQL injection is a technique where attackers manipulate SQL queries executed by a website's database, potentially gaining unauthorized access to sensitive information or modifying data. This type of attack exploits vulnerabilities in poorly secured input fields or inadequate input sanitization.

15. Backdoor Exploits: Hackers sometimes gain unauthorized access to WordPress sites by inserting backdoors - hidden access points that allow them to maintain control over the compromised site even after security measures have been taken. Backdoors can be used to execute arbitrary code, upload malware, or steal sensitive information.

16. Distributed Brute Force Attacks: In distributed brute force attacks, hackers use large botnets to distribute the workload of attempting login credentials across multiple IP addresses, increasing the likelihood of a successful login. This approach makes it challenging for traditional rate-limiting or IP blocking defenses to effectively mitigate the attack.

17. Supply Chain Attacks: Supply chain attacks involve compromising trusted third-party software or plugins that are commonly used on WordPress sites. Attackers infiltrate the software development process and insert malicious code, intending to exploit the software's widespread adoption and infect numerous websites.

18. Man-in-the-Middle (MitM) Attacks: MitM attacks involve intercepting communications between a user and a server to eavesdrop, modify, or inject malicious content. This attack method can be used to steal login credentials, session cookies, or other sensitive information transmitted between the user and the WordPress site.

19. Cross-Site Request Forgery (CSRF) Attacks: CSRF attacks trick authenticated users into unknowingly executing unwanted actions on a trusted website. Attackers exploit the trust associated with the user's session to perform actions on their behalf, potentially leading to unintended changes or actions on the WordPress site.

20. Zero-day Exploits: Zero-day exploits target vulnerabilities that are unknown to the software developers or the general public. Attackers discover and exploit these vulnerabilities before patches or security updates are released, giving them an advantage in compromising WordPress sites.

21. Password Hash crаcking: If a website's password hashes are exposed or obtained by attackers, they can use powerful computing resources to crаck the passwords. This is especially dangerous if users have weak or easily guessable passwords.

22. Phishing Attacks: Phishing attacks are attempts to trick users into revealing their sensitive information, such as login credentials or financial details, through fraudulent emails or websites that mimic legitimate WordPress login pages or other trusted entities.

23. Malware Distribution via compromised Plugins/Themes: Attackers often compromise popular plugins or themes in the WordPress ecosystem, infecting them with malware. When users download and install these compromised plugins or themes, they unwittingly introduce malware onto their websites.

24. Social Engineering Attacks: Social engineering involves manipulating individuals to disclose sensitive information or perform certain actions. Attackers might impersonate legitimate administrators or support staff and convince WordPress site owners to disclose login credentials or other sensitive details.

25. Advanced Persistent Threats (APTs): APTs target high-value WordPress sites, typically with the objective of prolonged unauthorized access. Attackers employ sophisticated techniques to remain undetected and maintain control over compromised sites for an extended period.

I'm frustrated that website owners are not taking the necessary precautions to protect their online presence. The fact that approximately 70 malicious sites are posing as URL shorteners is a clear indication of the sophistication of these attacks. It's time for website owners to take responsibility for their security and stop relying on reactive measures. By prioritizing security and taking proactive steps, we can prevent these types of infections and protect the integrity of the web.