<< back New malware targeting WordPress sites

WordPress powers approximately 43.5% of all websites, making it the most popular content management system globally. This widespread use, while advantageous for its flexibility and user-friendliness, also makes WordPress a prime target for cyberattacks. Recently, a sophisticated PHP reinfector and backdoor malware has been identified by Sucuri, targeting WordPress sites by embedding malicious code into plugins and critical database tables like wp_posts and wp_options.

Understanding the Threat

This malware operates by executing unauthorized PHP code on the server, creating malicious admin users, and utilizing code snippets to further its reach. It can capture WordPress admin credentials, leading to potential account compromises. Additionally, it manipulates WordPress’s built-in cron system to regularly run malicious code, maintaining control over infected sites even after the obvious malicious code has been removed.

The Importance of Regular Updates

One of the most effective ways to protect your website from such threats is by keeping your WordPress core, themes, and plugins updated. Regular updates ensure that security vulnerabilities are patched, reducing the risk of exploitation by malware.

How We Can Help

We offer comprehensive services to safeguard your WordPress site:

  • Website and Plugin Updates: We manage and implement all necessary updates to your WordPress core, themes, and plugins on a monthly basis, ensuring your site remains secure against known vulnerabilities.
  • Sucuri Setup and Management: We can set up and manage a Sucuri account for your website, giving you regular server side malware scanning and a wordpress specific Web Application Firewall (WAF) that can block malware attacks before they even hit your site - as well as a malware removal service to clean up your site should anything get through.
  • Cloudflare Setup and Management: We can set up and manage a Cloudflare account for your website, not only providing a powerful Content Delivery Network (CDN) to improve your sites speed and reliability, but also a robust Web Application Firewall (WAF) to protect against threats like SQL injection, cross-site scripting (XSS), and DDoS attacks.

Get in Touch

Protecting your website is an ongoing process, and we're here to assist you every step of the way. For more information on how we can help secure your WordPress site, check out our Web Services Price List here, call us on 01952 883526 or email [email protected]

Don't wait until an attack compromises your site. Get in touch today to ensure your website remains safe and secure.