Published in News

Thousands of Wordpress sites infected

by on16 December 2014



You know you are SoakSoaking in it?

Hundreds of thousands of websites running Wordpress have been infected by a piece of malware called SoakSoak. Google has flagged more than 11,000 domains hosting a Wordpress website as malicious. 

Websites running a third-party plug-in called Slider Revolution are being hacked, and malicious code is being installed that will in turn infect those who visit the website. The developers of the plug-in, ThemePunch, have admitted that they knew about the vulnerability in February this year but kept quiet about it. 

ThemePunch in developed 29 security fixes from February to September, resisting a public call for action because of a “fear that an instant public announcement would spark a mass exploitation of the issue”.

The company had hoped that most users would install these updates, solving the problem, but it now admits that this was “sadly not the case.”

“We as a team would like to apologise officially to our clients for the problems that arose due to the security exploit in Revolution Slider Plugin versions older than 4.2, ? it says on its website.

Short answer is that you have to upgrade everything that moves on your wordpress site or it will be toast.

Rate this item
(1 Vote)