Shadow directories: a quiet way to hijack WordPress permalinks
We’re seeing a crafty SEO-spam tactic against WordPress sites: attackers create shadow directories that mimic…
malware
Fake “Java Update” pop-up hidden inside a malicious WordPress plugin
A new social-engineering tactic is targeting WordPress sites with a convincing “Java Update” pop-up. It…
Malware intercepts Googlebot with IP-verified conditional logic
Some attackers now hide spam content from people — and show it only to search…
Google sees spam, you see your site: cloaked SEO spam explained
Some attacks don’t vandalise your pages. Instead, they quietly turn your website into a mouthpiece…
Fake browser update pop-ups targeting WordPress administrators
A new social-engineering campaign is abusing a malicious WordPress plugin to show convincing fake browser…
Auto-login backdoor disguised as a JavaScript data file in WordPress
A stealthy backdoor is targeting WordPress sites by posing as a harmless JavaScript asset. In…
Malvertising hiding in plain sight on WordPress websites
We’re seeing a malvertising campaign that quietly injects third-party scripts into WordPress sites. It looks…
Malicious “WordPress Player” plugin: how covert redirects hijack your site
Some WordPress sites are seeing visitors land normally and then—after a short pause—being whisked away…
Ad-jacked: fake Google AdSense injected into WordPress
If your website is suddenly showing strange adverts or new ad code has appeared without…
Cascading Redirects: Protecting Your WordPress Site from JavaScript Malware
WordPress websites are frequent targets for cybercriminals, with new threats emerging all the time. One…