The downside of becoming a popular content management system is that more and more people are looking for bugs you may have, in order to exploit them. It makes sense, as the more people use something, the more potential targets you have if you find a bug. But for WordPress’ developers, it must be an exercise in frustration patching holes as often as they need to.
Yet another bug has been found in the popular CMS in the past couple of weeks, and it’s seen thousands of sites targeted and millions of visitors made vulnerable. Visitors to sites that have been compromised risk being redirected to a site that attempts to infect them with the Nuclear Exploit kit, an ever-evolving arsenal of malware that can inject ransomware into a system, locking the desktop and encrypting files while demanding payment to return them to normal.
This nefarious campaign has been termed VisitorTracker by website security firm Sucuri, which is keeping on top of the malware’s development. At its current rate, around 6,000 WordPress sites are being infected every single day, which is a massive upswing from just a few days ago, where only 1,000 per day were being affected.
Unfortunately, despite the interest in this exploit, nobody is quite sure how it’s infecting sites as of yet – though the expected entry point is one or more extensions and plugins. As a preventative measure, site owners are encouraged to update to the latest version of WordPress if they haven’t already and update all of their plugins – even the Premium ones.
Sucuri is — perhaps unsurprisingly — also advertising its own malware detection tool, which can scan a website to see if it’s been affected by this or any other threats. Even if your site hasn’t though, the firm still recommends a Sucuri subscription, which perhaps should be taken with a pinch of salt.
For the rest of us, it’s just a case of staying safe online with all of the usual safeguards. Be especially careful when visiting some of your favorite sites over the next week or so while this bug works itself out.