On Sunday, Dec. 14, 2014, a new WordPress threat called SoakSoak infected over 100,000 sites. That number will have risen sharply over the last 2 days.
If your blog is infected, and that infection has been detected by Google and other security companies, your site will be blacklisted. That means it won’t appear in the search results and your rankings will plummet. To date, 11,000+ sites have been blacklisted.
This WordPress malware seems to exploit a vulnerability in older versions of the RevSlider plugin. This is not a plugin I use myself and is not part of the blogs I build for clients, but if you’ve added it to your blogs, you should check to see if they’re infected.
The RevSlider plugin may not be the only point of attack though, so you should check your WordPress sites today.
The blogs I build for myself and clients all come with security plugins and are hardened against hack attacks. However, there’s an ongoing arms race between hackers and site security and so there’s no 100% guarantee that a site won’t be hacked. WordPress security is like a burglar alarm – it’s a deterrent and will stop most from gaining access to your sites.
However, as a blog owner, you are responsible for keeping your sites as hacker-proof as possible. That means:
- Always keeping your themes and plugins up to date.
- Deleting themes and plugins you’re not using.
- Installing a security plugin or two (I already do this for the sites I offer here).
- Removing old WordPress installs you no longer use (these can ultimately infect visitors to the site or allow hackers to get access to a webserver).
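As a starting point for that checklist, here is an added example (not part of the original post) that inventories a web root: it lists every WordPress copy it finds with its version, including forgotten installs in subfolders, and every RevSlider copy with the version from its plugin header, including copies bundled inside themes. It assumes a RevSlider copy sits in a folder whose name contains `revslider` and that you pass the web root path as the first argument; it reports what is installed, not whether a site is infected.

```python
import os
import re
import sys

WP_VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")
HEADER_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)


def find_installs(webroot):
    """Map every WordPress copy under webroot (nested ones too) to its version."""
    installs = {}
    for dirpath, _dirs, _files in os.walk(webroot):
        vfile = os.path.join(dirpath, "wp-includes", "version.php")
        if os.path.isfile(vfile):
            with open(vfile, encoding="utf-8", errors="replace") as fh:
                match = WP_VERSION_RE.search(fh.read())
            installs[dirpath] = match.group(1) if match else "unknown"
    return installs


def header_version(plugin_dir):
    """Read the 'Version:' plugin header from the PHP files at the top of plugin_dir."""
    for name in sorted(os.listdir(plugin_dir)):
        path = os.path.join(plugin_dir, name)
        if name.endswith(".php") and os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                match = HEADER_VERSION_RE.search(fh.read(8192))
            if match:
                return match.group(1)
    return "unknown"


def find_revslider(install_dir):
    """List (path, version) per RevSlider copy; folder-name match is an assumption."""
    hits = []
    for dirpath, dirs, _files in os.walk(os.path.join(install_dir, "wp-content")):
        for name in [d for d in dirs if "revslider" in d.lower()]:
            path = os.path.join(dirpath, name)
            hits.append((path, header_version(path)))
            dirs.remove(name)  # do not descend into the copy just recorded
    return sorted(hits)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for install, version in sorted(find_installs(root).items()):
        print(f"WordPress {version} at {install}")
        for path, plugin_version in find_revslider(install):
            print(f"  RevSlider {plugin_version} at {path}")
```

Compare the reported versions against the current releases from WordPress and the plugin vendor, and delete any install or plugin copy you no longer use.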
If you’re infected, don’t panic. The fixes are pretty basic.