By Gary Nugent

SoakSoak WordPress MalwareOn Sunday, Dec. 14 2014, a new WordPress threat called SoakSoak infected over 100,000 sites. That number will have risen sharply over the last 2 days.

If your blog is infected, and that infection has been detected by Google and other security companies, your site will be blacklisted. That means it won’t appear in the search results and your rankings will plummet. To date, 11,000+ sites have been blacklisted.

This WordPress malware seems to exploit a vulnerability in older versions of the RevSlider plugin. This is not a plugin I use myself and is not part of the blogs I build for clients, but if you’ve added it to your blogs, you should check to see if they’re infected.

The RevSlider plugin may not be the only point of attack though, so you should check your WordPress sites today.

Sucuri has a simple test to see if your site is infected.

The blogs I build for myself and clients all come with security plugins and are hardened against hack attacks. However, there’s an ongoing arms race between hackers and site security and so there’s no 100% guarantee that a site won’t be hacked. WordPress security is like a burglar alarm – it’s a deterrent and will stop most from gaining access to your sites.

However, as a blog owner, you are responsible for keeping your sites as hacker-proof as possible. That means:

  • Always keeping your themes and plugins up to date.
  • Deleting themes and plugins you’re not using.
  • Installing a security plugin or two (I already do this for the sites I offer here).
  • Removing old WordPress installs you no longer use (these can ultimately infect visitors to the site or allow hackers to get access to a webserver).

If you’re infected don’t panic. The fixes are pretty basic.

Fixing the SoakSoak infection

There’s more info on SoakSoak over on Sucuri’s blog and a more detailed look at the attack sequence.


Tagged with:

Filed under: WordPress Security