Hacked WordPress sites launch drive-by attacks on visitors

Hacked WordPress sites – hacked via outdated plugins – launch drive-by attacks on visitors

Hacked WordPress site warning

Hacked WordPress site warning

Hacked WordPress sites – Introduction

WordPress is the world’s most popular Content Management System (CMS) website-building software. For that reason, it is also the most popular platform that hackers target, usually via old plugins that have security vulnerabilities that the latest versions have patches for.

Webmasters add features to the websites that WordPress powers by installing them as plugins and widgets. Using a CMS makes it possible to make changes to the entire website just by changing the information that plugins or widgets provide, which saves plenty of time.

For example, a webmaster can change adverts just by changing the ad code, usually written in JavaScript, that  the plugin or widget puts in place on every page of a website. In the past, Webmasters had to do that by hand for each page before the availability of CMS systems.

Unfortunately, if hackers hack a CMS website – via cracking its login information (user name and password) or via a vulnerable plugin – they can influence the content of the entire site in the exactly the same ways as the webmaster or site owner can.

The image at the top of this page shows the kind of warning that accessing such a site produces if the search engines come to know that it is not secure.

The difference between plugins and widgets

Read the following page to find out the difference between plugins and widgets.

https://wordpress.org/support/topic/what-is-the-difference-between-a-pluggin-and-a-widget

How hackers infect WordPress sites

The following article by the Malwarebytes security company deals with how hackers infect WordPress sites so that they infect the computers of visitors to the infected sites just by visiting them, known as drive-by malware attacks.

Compromised WordPress sites launch drive-by attacks off Pirate Bay clone –

https://blog.malwarebytes.org/exploits-2/2015/04/..

Web-search for information on hacked WordPress sites and how to clean them

Web-search for pages on WordPress sites hacked – 

https://duckduckgo.com/?q=wordpress+sites+hacked&ia=web