30,000 WordPress Sites Hacked & Injected With Malware

Outdated versions of WordPress and outdated plugins have been blamed for the injection of malware in over 30,000 WordPress sites recently.

The injection hijacks visitors to the compromised sites and redirects them to rogue AV sites that attempt to trick them into downloading and installing a Trojan onto their computer. Source: Websense.

This report is not as bad as the "4800 Hacked Websites Lost With No Chance of Recovery" report.

I’ve been writing a lot lately about WordPress security and why it’s so crucial to update WordPress scripts to secure your site, so this only reinforces the need to secure your WordPress installation and take a full backup.

More than 85 percent of the compromised sites were located in the U.S.

Weak admin passwords have also been blamed, as many WordPress owners use short passwords and don’t change the username from the default, admin.

My advice to WordPress webmasters is to:


Comments

3 responses to “30,000 WordPress Sites Hacked & Injected With Malware”

  1. […] security features and that you are overriding any bugs that may have been in the earlier versions. This article shows what can happen when you DON’T update your […]

  2. Greg Ledger

    The problem we have is when WordPress comes out with a new version (which is every freaking month) and we have to wait to find out which of our plugins will work with the new version. There is a lag. I think during this time it is possible for a hacker to use this vulnerability…so how can this be prevented? I have a really cool plugin that I want to keep using even though the plugin author isn’t always up to speed on the newest version of WordPress.

    1. Brad Dalton

      Take a full backup and store it away from your server.
