Outdated versions of WordPress and outdated plugins have been blamed for the injection of malware in over 30,000 WordPress sites recently.
The injection hijacks visitors to the compromised sites and redirects them to rogue AV sites that attempt to trick them into downloading and installing a Trojan onto their computer. Source: Websense
This report is not as bad as the 4800 Hacked Websites Lost With No Chance of Recovery.
I’ve been writing a lot lately about WordPress security and why it’s so crucial to update WordPress scripts to secure your site, so this only reinforces the need to secure your WordPress installation and take a full backup.
More than 85 percent of the compromised sites were located in the U.S.
Weak admin passwords have also been blamed as many WordPress owners use short passwords and don’t change the username from the default, admin.
My advice to WordPress webmasters is to:
- Update WordPress
- Update plugins
- Update themes
- Limit login attempts
- Use strong and long usernames & passwords
- Secure .htaccess files
- Backup WordPress files & databases