WordPress is a popular content management system used by blogs around the world, and its widespread popularity also means that it makes for a great malware distribution platform. No, WordPress isn’t distributing malware, but thanks to a malware that has compromised certain WordPress websites, they have inadvertently turned WordPress into a malware distribution system.
According to reports, more than 100,000 WordPress websites have been infected by this mysterious malware that turns WordPress sites into attack platforms which have the potential to attack visitors who visit it. Because of this, Google has since flagged more than 11,000 domains as malicious.
It was suspected that this could be due to a vulnerability in the Slider Revolution plugin and this has since been confirmed by Sucuri, a company that helps website operators secure their servers. However Sucuri notes that getting website owners to patch the plugin could be hard, especially when you consider that the plugin is a premium plugin.
“Some website owners don’t even know they have it as it’s been packaged and bundled into their themes. We’re currently remediating thousands of sites and when engaging with our clients many had no idea the plugin was even within their environment,” writes Sucuri on their blog. At this time of writing, WordPress has yet to respond to the attacks.