WordPress sites hacked via outdated plugins launch drive-by attacks on visitors

WordPress is the world’s most popular Content Management System (CMS) website-building software and for that reason it is also the most popular platform that hackers target, usually via outdated plugins that have security vulnerabilities that have been patched in the latest versions. Features are added to websites by installing them as plugins and widgets. Using a CMS makes it possible to make changes to the entire website just by changing the information provided by plugins or widgets, which saves a lot of time. For example, ads can be changed just by changing the ad code, usually JavaScript, provided by a plugin or widget.

Unfortunately, if hackers hack a CMS website via cracking its login information (user name and password) or via a vulnerable plugin, they can influence the content of the entire site in the same ways as the webmaster or site owner can. Read the following page to find out the difference between plugins and widgets.

https://wordpress.org/support/topic/what-is-the-difference-between-a-pluggin-and-a-widget

The following article by the Malwarebytes security company deals with how hackers infect WordPress sites so that they infect the computers of visitors to the infected sites just by visiting them, known as drive-by malware attacks.

Compromised WordPress sites launch drive-by attacks off Pirate Bay clone –

https://blog.malwarebytes.org/exploits-2/2015/04/…

Leave a Reply