Online security can be quite a challenge to maintain these days actually, and it does not help when users are less than knowledgeable. In fact, approximately 50,000 sites have been allegedly hit by backdoors no thank to malware that target a popular and vulnerable WordPress plugin, at least according to Daniel Cid, a researcher.
Daniel Cid is the founder of Sucuri, and he claims that the malware has the ability to infect just about any site which resides on the server of a hacked WordPress website. This particularly flawed plugin would enable anyone with malicious intent to “inject anything” into sites, and this would range from spam to defacing the site itself and malware.
Cid shared that the malware code does carry with it some bugs, as it started to cause many websites to not work properly, all the while ensuring that good files were overwritten in addition to appending different statements in loops at the end of files. Apparently, the hacked sites used either MailPoet or had it installed on another sites that have a similar shared account, which means that there is a risk of cross-contamination. Obviously, WordPress site owners ought to do their bit to ensure that these vulnerable plugins are updated to prevent any unwanted happenings.
An obvious sign of infection would see this error surface: “Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91″.