It was reported last week by security firm, Sucuri, that Google has blacklisted over 11,000 malware-infected WordPress domains, and over 100,000 sites in total have been affected by a new malware campaign from SoakSoak.ru.
There is a WordPress plugin called RevSlider that has a vulnerability that allows SoakSoak to modify a file in a site’s WordPress installation, and then loads Javascript malware.
To the dismay of many WordPress users, RevSlider is used in WordPRess themes, so many site owners probably don’t even know they use the plugin in their site. Because of that, they don’t even know to update to prevent a malware attack. According to Daniel Cit from Sucuri, it isn’t a plugin that isn’t easily updated.
“The biggest issue is that the RevSlider plugin is a premium plugin, it’s not something everyone can easily upgrade and that in itself becomes a disaster for website owner. Some website owners don’t even know they have it as it’s been packaged and bundled into their themes.”
Anybody who visits these infected sites might be redirected to a webpage that will try downloading malware to their computers. By blocking these infected sites, Google hopes to prevent the malware from spreading any farther than it already has.
If you think that there is a chance that your WordPress site was infected by SoakSoak software, you can check out the resources listed in this WordPress Support thread. They will hopefully help you correct the problem.
If you know you’re site is clean, then it’s simply a matter of making sure your WordPress plugins are updated. This is to be sure you’re full protected against security vulnerabilities. It’s also a smart idea to update your WordPress installation as well. An updated WordPress is a good WordPress.
Original Source by SEJ’s Matt Southern