We have been contacted over the last few days by several clients concerned by reports they've read in the press about a new Russian malware attack (SoakSoak) affecting WordPress websites. Please rest assured that if you have a website maintenance contract with SpecTronics, we have already taken steps to protect you from this attack.
According to The Independent, Google has already blacklisted over 11,000 sites that are infected with the malware, in the hope of stopping it from spreading. Security firm Sucuri have reported that the malware uses a vulnerability in a slideshow plug-in called Slider Revolution. The Slider Revolution team have fixed it with updates. The problem is that the old, vulnerable version of the plug-in is still bundled with WordPress themes, so lots of sites are still running the vulnerable version without the plug-in ever appearing as a separate install.
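A way to check a self-hosted site for the bundled-copy problem described above, as an added example that is not part of the original post: it walks `wp-content` and reports every copy of the plug-in, including copies shipped inside theme folders. The directory and file name `revslider` / `revslider.php` and the helper names are assumptions, and `fixed_in` must be taken from the vendor's advisory because this post does not state the fixed version.

```python
import os
import re
import tempfile

# WordPress plugin header line, e.g. " * Version: 1.0.3"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def to_tuple(ver):
    """'1.2.0' -> (1, 2); trailing zeros dropped so 2.0 and 2.0.0 compare equal."""
    parts = [int(p) for p in ver.split(".") if p]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_version(text):
    """Return the plugin header version as a tuple, or None if absent."""
    m = VERSION_RE.search(text)
    return to_tuple(m.group(1)) if m else None

def find_copies(wp_root, fixed_in, slug="revslider"):
    """Report every copy of the plugin under wp-content, theme-bundled ones included."""
    content = os.path.join(wp_root, "wp-content")
    threshold, main_file = to_tuple(fixed_in), slug + ".php"  # assumed file name
    findings = []
    for dirpath, _dirs, files in os.walk(content):
        if os.path.basename(dirpath) != slug or main_file not in files:
            continue
        with open(os.path.join(dirpath, main_file), encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))  # header sits at the top of the file
        rel = os.path.relpath(dirpath, content).replace(os.sep, "/")
        findings.append({
            "path": rel,
            "bundled_in_theme": rel.startswith("themes/"),
            "version": version,
            # a copy with no readable version is flagged for manual review
            "needs_update": version is None or version < threshold,
        })
    return sorted(findings, key=lambda f: f["path"])

if __name__ == "__main__":
    # Constructed sample tree; the version numbers are made up for the demo.
    with tempfile.TemporaryDirectory() as root:
        for rel, ver in [("plugins/revslider", "2.5"), ("themes/demo/plugins/revslider", "1.0.3")]:
            d = os.path.join(root, "wp-content", rel)
            os.makedirs(d)
            with open(os.path.join(d, "revslider.php"), "w", encoding="utf-8") as fh:
                fh.write("<?php\n/*\n * Plugin Name: Slider\n * Version: %s\n */\n" % ver)
        for finding in find_copies(root, fixed_in="2.0"):
            print(finding)
```

A copy flagged with `bundled_in_theme` is not updated by the normal plug-in updater, so it has to be fixed by updating or replacing the theme that ships it.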
Over 70 million sites use WordPress as a content management system, from personal blogs to Time.com. This malware attack only affects self-hosted sites that use WordPress, so if you have a personal blog on WordPress.com, you're okay.
Other things to consider include the use of a WAF (Web Application Firewall) such as CloudFlare or Sucuri to protect your website from similar attacks. If you have any concerns about your own website, whether or not it was developed by SpecTronics, please do get in touch so that we can arrange for our developers to apply the relevant updates and provide advice on website security.