• EN
  • ID
    • Doxa Tips

    100,000+ WordPress sites attacked by malware, 11,000+ domains blocked by Google

    December 9, 2024

    In December 2014, it wasn’t only companies like Sony Pictures that fell victim to hacker attacks, but a security service blog, Sucuri, also released a shocking statement warning WordPress users about the ‘Soaksoak’ malware attack. This attack targeted more than 100,000 websites and resulted in over 11,000 sites being blocked by Google.

    Initial analysis suggests there might be a correlation between this attack and a security vulnerability found in one of the most popular WordPress plugins, RevSlider (Revolution Slider), although no official statement has been released on this yet.

    Has your site been affected by this attack?

    There are two ways to check if your site has been impacted by this attack:

    1. Check the wp-includes/template-loader.php file and see if the script is loading ‘swfobject’:
      <?php
      function FuncQueueObject()
      {
      wp_enqueue_script(“swfobject”);
      }
      add_action(“wp_enqueue_scripts”, ‘FuncQueueObject’);
    2. Perform a manual check using the free SiteCheck Scanner provided by Sucuri.

    Website Security Actions

    Fact: Hacking attempts happen almost every day.

    The reality is that hacking activity will never stop. For hackers, penetration activities are sometimes carried out like puzzle-solving, a challenging activity. If you are a blogger or an individual without technical skills, we must admit that this could be a nightmare for you.

    Read Also: Fast websites are important!

    As one of the web development companies in Indonesia, we too have experienced this. In December 2014, two of our clients faced serious attacks that took down their websites for up to one day. However, with proper preparation, the damage was minimized.

    Here are the basic security steps we recommend:

    1. Ensure your WordPress is up to date.
    2. Perform regular backups.
    3. Update your plugins (but make sure they are compatible with the latest WordPress version).
    4. Never use cracked commercial plugins. You never know if malicious code has been inserted into them.
    5. Protect wp-admin with .htaccess authentication.
    6. Make sure your file permissions are correct. We use CHMOD 755 for folders and CHMOD 644 for PHP scripts.
    7. If you’re using a VPS, avoid using the ‘root’ user for daily activities.
    8. Don’t use ‘admin’ or ‘administrator’ as usernames on your website.
    9. Use a strong, hard-to-guess password combination.

    News Source: Sucuri Blog
    Security Tips & WordPress: WordPress Doc, wpcop

    If you need help optimizing and securing your WordPress site, feel free to contact us at info@doxadigital.com.

     

    4o mini

    Latest Articles

    Please Fill the Form Below!

    WA Popup Form