Google Blocks Thousands Of WordPress Sites Following Malware Attack

SMS Text
wordpress-featured-image-760x350

Security firm Sucuri reports that Google has blacklisted over 11,000 malware-infected WordPress domains, and over 100,000 sites in total have been affected by a new malware campaign from SoakSoak.ru.

By using a vulnerability found in the WordPress plugin RevSlider, SoakSoak modifies a file in a site’s WordPress installation and loads Javascript malware.

RevSlider is often used in WordPress themes, so many site owners may not even know they’re using the plugin, let alone that they need to update it to prevent a malware attack. Moreover, it’s not a plugin that’s easily updated, as Sucuri’s Daniel Cid points out:

“The biggest issue is that the RevSlider plugin is a premium plugin, it’s not something everyone can easily upgrade and that in itself becomes a disaster for website owner. Some website owners don’t even know they have it as it’s been packaged and bundled into their themes”

Visitors of infected sites may be redirected to a webpage that will attempt to download malware onto their computers. Google’s decision to block infected sites shortly after the vulnerability became known will hopefully prevent the malware from spreading any further.

If you believe your WordPress site has been infected by the SoakSoak malware, there is a list of resources in this WordPress Support thread that can help you correct the problem.

If you’re in the clear, then let this be a reminder that it’s incredibly important to keep your WordPress plugins updated in order to be fully protected against security vulnerabilities. Updating your plugins is just as important as keeping your WordPress installation updated to the most current version.

Matt Southern
Matt Southern is the lead news writer at Search Engine Journal. His passion for helping people in all aspects of online marketing flows through in the expert industry coverage he provides.
Matt Southern
Get the latest news from Search Engine Journal!
We value your privacy! See our policy here.
  • @Matt What about these Hack, many people are getting traffic from these two websites and when you click on these websites it will redirect you to some shopping websites.
    1. econom.co
    2.forum.topic41269532.darodar.com

    I posted the issue to Google Product forum but no one from their team has replied, visits from these websites are increasing day by day.

    Do you have any update about this issue?

    • Tony toreto

      the same question i also want to get answered.. i am also getting some referral traffic from such domain whenever i try to access those url. they redirect me to some shopping site like alibaba etc

    • I was also facing same problem, but after putting below mentioned code in .htaccess it resolved.

      1.
      ## SITE REFERRER BANNING
      RewriteEngine on
      # Options +FollowSymlinks
      RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
      RewriteCond %{HTTP_REFERER} badsite\. [NC,OR]
      RewriteCond %{HTTP_REFERER} sub\.badsite\.com [NC]
      RewriteRule .* – [F]

      2.
      # Set spammers referral as spam
      SetEnvIfNoCase Referer semalt.com spammer=yes
      SetEnvIfNoCase Referer buttons-for-website.com spammer=yes
      SetEnvIfNoCase Referer 7makemoneyonline.com spammer=yes
      SetEnvIfNoCase Referer darodar.com spammer=yes
      order allow,deny
      allow from all
      # Deny all spammers
      Deny from env=spammer

      In case there is other thing by which you stopped these referral spam please share.

  • Pankaj Bishwas

    Hi Matt,
    Thank you for the update about SoakSoak, I will update all of my plugins in WordPress.

    thanks
    pankaj

  • Matt! I especially like your idea of publishing articles about specific ideas and thoughts. For me, this is very enlightening.

  • Hi Matt,
    Thanks for sharing such a useful topic with us. I just want to know that, is there any possibility that free wordpress hosted Blogs can also be affected?

  • Ngan Son

    It seem so dangerous. Now all webmaster who use WP need to check the blog carefully.

    • Olive

      That is why I have come to trust developers who are able to make WP sites with much lesser plug ins.

  • Daniel

    WP is such a weak platform. Shame

  • I have been hearing a lot about this recently. We recommend to a lot of our clients to use wordpress security like warmour.net as it monitors the site so they don’t have to worry about things like this.

  • I have been hearing a lot about this recently. We recommend to a lot of our clients to use wordpress security like warmour as it monitors the site so they don’t have to worry about things like this.

    • Ya, Most of WordPress plugin have some bug. so they are just uploading some unnecessary files to access the server so keep updating servers.

  • Please keep in mind that the rev slider plugin is not the only attack vector these guys are exploiting, we’ve seen some intrusions in older versions of WP and/or via outdated plugins between 10 and 17 of the current month.

    Keep everything up to date! and make non-writable very file and folder that should not have that kind of permissions.

  • Thanks for sharing
    before 2 day i got got some cryptophp malware attack on my some site and i remove that sites at all.
    as you mention above google block many sites. how i can check whether my site is still blocked or not??

  • Shreya

    I just found my few sites hacked from the same campaign and i didn’t use use this plugin too but yaa i was using all in one seo premium plugin and i didn’t updated may be this plugin also cause an issue.

  • Shahzad Riaz

    Hi Matt,
    Thanks for the update about this Malware, I will update all of my plugins & WordPress asap.

    thanks
    Shahzad Riaz

  • I hope this is not the way to make the SPAM free web. I think some of the bloggers might have faced the problem. What you think Matt Sir?

  • Hi Matt
    My blogs have not got affected, but next time I will be aware of RevSlider plugin definitely before creating blog on wordpress and prudently use blogger as well.

  • Zachary R. Ellis

    Thank you for update about wordpress malware attack, now i will keep watch my wordpress blog on day to day..

  • I have been listening to a ton about this as of late. We prescribe to a great deal of our customers to utilize wordpress security like warmour.net as it screens the site so they don’t need to stress over things like this.