Once again there’s a wave of attacks against WordPress blogs, infecting them with malware. This time the attacks are done in a way that the built-in malware protection in Firefox and Chrome can’t detect.
It looks like this attack has focused on hosting providers like Dreamhost, GoDaddy, Bluehost and Media Temple. At the moment it’s unclear whether the cause is a vulnerability in the latest WordPress version, outdated WordPress installations, bugs in a plugin or something else. Until the source of the problem has been found, everyone with a WordPress blog is advised to check their site for JavaScript code they know they didn’t add.
If you find JavaScript code on your site that you know you didn’t add, remove it as soon as possible: the longer you wait, the more damage your reputation will suffer (and, of course, the more damage your visitors will suffer).
Some helpful tips to minimize the damage caused by these evil hackers:
- Update WordPress to the latest version
- Update your plugins to the latest version
- Make daily backups of your blog (both site and database)
- Select a hard-to-guess password for your admin account
- Install the Antivirus plugin
If you’re on a shared hosting service, your blog could end up infected with malware even if you have WordPress and all your plugins updated to the latest version 🙁 , so daily backups may be the only thing saving you…