The SEM Post

Latest News About SEO, SEM, PPC & Search Engines


Update WordPress Immediately; Major Vulnerability Fixes

February 3, 2016 at 4:22 am PST By Jennifer Slegg


If you haven’t already updated WordPress with yesterday’s update, you will want to update immediately. It fixes several vulnerabilities, including critical ones that are out in the wild.

Shortly before the update was released, Sucuri published information about a major exploit it was seeing across many WordPress sites, which left those sites infected with malware through JavaScript in what Sucuri called an “admedia iframe injection”. Sucuri noticed a huge increase in the number of infected sites over the weekend.

To check if your site is infected, look in .js files for anything that looks unusual appended to the bottom of the file.

They also noted that it is a source of constant reinfections, because this particular attack can hit all sites on the server. If any signs of the attack are found, all WordPress installations need to be updated and cleaned up; otherwise the sites could be constantly reinfected.

The malware tries to infect all accessible .js files. This means that if you host several domains on the same hosting account all of them will be infected via a concept known as cross-site contamination. It’s not enough to clean just one site (e.g. the one you care about) or all but one (e.g. you don’t care about a test or backup site) in such situations – an abandoned site will be the source of the reinfection. In other words, you either need to isolate every site or clean/update/protect all of them at the same time!
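A defensive scan for the check described above, as an added example that is not from the original article, Sucuri or WordPress: it walks every site root on the account and reports .js files whose contents differ but whose endings are byte-identical, which is what the same code appended to many files looks like. The 64-byte window and three-file threshold are assumptions, and a hit is a lead for manual review, not proof of infection.

```python
import hashlib
import os
import sys
from collections import defaultdict

TAIL_BYTES = 64  # assumption: size of the trailing window compared across files
MIN_FILES = 3    # assumption: distinct files that must share a tail to be reported


def _digest(data):
    return hashlib.sha256(data).hexdigest()


def find_shared_tails(roots, tail_bytes=TAIL_BYTES, min_files=MIN_FILES):
    """Map tail digest -> sorted paths of .js files with different bodies
    but byte-identical endings, across every directory in `roots`."""
    groups = defaultdict(lambda: defaultdict(list))  # tail -> body -> paths
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(".js"):
                    continue
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        data = fh.read().rstrip()
                except OSError:
                    continue  # unreadable file: skip, do not abort the scan
                if len(data) <= tail_bytes:
                    continue
                body, tail = data[:-tail_bytes], data[-tail_bytes:]
                groups[_digest(tail)][_digest(body)].append(path)
    report = {}
    for tail, bodies in groups.items():
        # Identical copies of one library share a body digest and count once,
        # so only the same ending on *different* files is reported.
        if len(bodies) >= min_files:
            report[tail] = sorted(p for paths in bodies.values() for p in paths)
    return report


if __name__ == "__main__":
    # Pass every site root on the hosting account, not just the main site.
    for tail, paths in find_shared_tails(sys.argv[1:] or ["."]).items():
        print(f"shared ending {tail[:12]} on {len(paths)} files:")
        for p in paths:
            print("   ", p)
```

Run it with all site directories as arguments, including test, backup and abandoned installs, since any one of them left uncleaned can reinfect the rest.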

It is believed that the latest update prevents this attack, although WordPress has not been as detailed about bug-related fixes in its recent update notes.

Wordfence also wrote about a meta attack they were seeing and created a video to show how the attack was done.

WordPress released an update yesterday, billed as a security release, and encouraged all sites to update immediately. While many sites auto-updated yesterday, you will need to manually update any sites that did not.

Update Feb 5, 2016: It appears that ransomware is now being delivered to visitors of compromised sites.

Filed Under: Security
