Another WordPress exploit hits thousands of sites

wordpress version released to fix six serious vulnerabilities wordpressheader
The downside of becoming a popular content management system is that more and more people are looking for bugs you may have, in order to exploit them. It makes sense, as the more people use something, the more potential targets you have if you find a bug. But for WordPress’ developers, it must be an exercise in frustration patching holes as often as they need to.

Yet another bug has been found in the popular CMS in the past couple of weeks, and it’s seen thousands of sites targeted and millions of visitors made vulnerable. Visitors to sites that have been compromised risk being redirected to a site that attempts to infect them with the Nuclear Exploit kit, an ever-evolving arsenal of malware that can inject ransomware into a system, locking the desktop and encrypting files while demanding payment to return them to normal.

This nefarious campaign has been termed VisitorTracker by website security firm Sucuri, which is keeping on top of the malware’s development. At its current rate, around 6,000 WordPress sites are being infected every single day, which is a massive upswing from just a few days ago, where only 1,000 per day were being affected.

Related: Should you worry about malware on your phone? We asked the experts

Unfortunately, despite the interest in this exploit, nobody is quite sure how it’s infecting sites as of yet – though the expected entry point is one or more extensions and plugins. As a preventative measure, site owners are encouraged to update to the latest version of WordPress if they haven’t already and update all of their plugins – even the Premium ones.

Sucuri is — perhaps unsurprisingly — also advertising its own malware detection tool, which can scan a website to see if it’s been affected by this or any other threats. Even if your site hasn’t though, the firm still recommends a Sucuri subscription, which perhaps should be taken with a pinch of salt.

For the rest of us, it’s just a case of staying safe online with all of the usual safeguards. Be especially careful when visiting some of your favorite sites over the next week or so while this bug works itself out.


Patent highlights Apple's sky-high ambitions for AirPower wireless charger

At its September event last year, Apple unveiled the AirPower -- its new wireless charging mat that will allow you to charge multiple devices at one time. It has not yet been released. Here's everything we know about the device so far.

With 20,000 sites swallowed up, a botnet is eating WordPress alive

A botnet of infected WordPress sites has been attacking other WordPress sites, generating up to five million malicious logins on certain WordPress backends within the last thirty days.

These are the 5 best free antivirus apps to protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.

Players' 'Red Dead Online' beta progress will carry over to the full release

Red Dead Online will gradually rolled out to Red Dead Redemption 2 players via a beta. We've got all the details about the beta's suite of competitive and cooperative modes, as well as what to expect going forward.

Best Products of 2018

Our reception desk has so many brown boxes stacked up, it looks like a loading dock. We’re on a first-name basis with the UPS guy. We get new dishwashers more frequently than most people get new shoes. What we’re trying to say is: We…

Windows 10 user activity logs are sent to Microsoft despite users opting out

Windows 10 Privacy settings may not be enough to stop PCs from releasing user activity data to Microsoft. Users discovered that opting out of having their data sent to Microsoft does little to prevent it from being released.

Intel's discrete graphics will be called 'Xe,' IGP gets Adapative Sync next year

Intel has officially dubbed its discrete graphics product Intel Xe, and the company also provided details about its Gen11 IGP. The latter will include adaptive sync support and will arrive in 2019.

Intel answers Qualcomm's new PC processors by pairing Core and Atom in 'Foveros'

Intel has announced a new packaging technology called 'Foveros' that makes it easier for the company to place multiple chips together on one package. That includes chips based on different Intel architectures, like Core and Atom.

Razer’s classic DeathAdder Elite gaming mouse drops to $40 on Amazon

If you're looking to pick up a new gaming mouse for the holidays, Amazon has you covered with this great deal on the classic Razer DeathAdder Elite gaming mouse with customizable buttons, RGB lighting, and a 16,000 DPI optical sensor.

Intel's dedicated GPU is not far off -- here's what we know

Did you hear? Intel is working on a dedicated graphics card. It's called Arctic Sound and though we don't know a lot about it, we know that Intel has some ex-AMD Radeon graphics engineers developing it.

Firefox 64 helps keep your numerous tabs under control

Mozilla officially launched Firefox 64 by placing new features into the laps of its users including new tab management abilities, intelligent suggestions, and a task manager for keeping Firefox's power consumption under control.

Here's our guide to how to charge your laptop using a USB-C cable

Charging via USB-C is a great way to power up your laptop. It only takes one cable and you can use the same one for data as well as power -- perfect for new devices with limited port options.

Apple MacBook Air vs. Microsoft Surface Pro 6

The MacBook Air was updated with more contemporary components and a more modern design, but is that enough to compete with standouts like Microsoft's Surface Pro 6 detachable tablet?

Installing fonts in Windows 10 is quick and easy -- just follow these steps

Want to know how to install fonts in Windows 10? Here's our guide on two easy ways to get the job done, no matter how many you want to add to your existing catalog, plus instructions for deleting fonts.