If you haven’t already updated WordPress with yesterday’s update, you will want to update immediately. It fixes several vulnerabilities, including critical ones that are out in the wild.
To check if your site is infected, look in .js files for anything that looks unusual appended to the bottom of the file.
They also made a note that it is the source of constant reinfections because this particular attack can hit all sites on the server, meaning all WordPress installations would need updating and cleaned up if any signs of the attack were found, otherwise it could constantly reinfect sites.
The malware tries to infect all accessible .js files. This means that if you host several domains on the same hosting account all of them will be infected via a concept known as cross-site contamination. It’s not enough to clean just one site (e.g. the one you care about) or all but one (e.g. you don’t care about a test or backup site) in such situations – an abandoned site will be the source of the reinfection. In other words, you either need to isolate every sites or clean/update/protect all of them at the same time!
It is believed that the latest update prevents this attack, although WordPress isn’t as detailed in their bug related fixes in update notes recently.
WordPress released an update yesterday, billed as a security release, and encouraged all sites to update immediately. While many sites have autoupdated yesterday, you will need to manually update any sites that did not.
Update Feb 5, 2016: It appears that ransomware is now being delivered to visitors of compromised sites.
Latest posts by Jennifer Slegg (see all)
- Google Mobile First Index: Page Speed Included as a Ranking Factor - March 23, 2017
- Mobile First Index: Google Aiming for Quality Neutral Launch - March 23, 2017
- Google Sending “Safe Browsing Policy Updates” to Previously Hacked Sites - March 20, 2017
- Google Adds AMP Carousels to “People Also Search For” Drop Downs - March 20, 2017
- 404s Do Not Affect Site Quality for Google SEO - March 17, 2017