Another WordPress Security Issue.

We should all know by now that ALL technology is vulnerable to attack. Code is written by humans and humans make mistakes. Also, technology moves on, and what might have been a ‘perfect’ piece of code six months ago could now be susceptible to a new attack vector. WordPress security has taken a bashing in the past, but it really does not matter what software you use to create your web site; Drupal, Joomla or WordPress, security is going to be an issue at some point.

The remarkable guys over at Sucuri have just discovered a new attack on the WordPress platform. If you have a WordPress web site, this this is something that you need to know about and act upon.

The malware injects new code into many .js (javascript) file contained in the WordPress installation. This, in turn, creates an ad cookie which quietly resides on your visitors internet browser. It also creates an invisible iframe. This is a container which carries data from another web site into your web site pages. This is quite bad!

The infected site javascript files then go around infecting as many other files as they can. This could be files on your web site, or even files on other web sites if the hosting company has not isolated the files of different domains from one another. This cross-site infection means that it is hard to track down, and unless you catch all the infections, you’re likely to get reinfected.

What should you do?

If you have a WordPress site and you know what you’re doing it might be a good time to update your plugins and core WordPress files. After that you might like to think about getting some additional web site security from a reliable company such as Wordfence or Sucuri.