It is ground-breaking news that thousands of WordPress sites have become the prey of malware infection. Currently, researchers and scholars have discovered that a spike in the malware has infected thousands of WordPress websites that use a popular image tool and resulting them to get sucked into the blackhole. This kind of malware attack came into focus after when French media outlet, The Poitou-Charentes Journal, began hosting on malicious code on its WordPress site.
The researchers have found the result like that; malware had exploited weak FTP server authentication credentials and vulnerability in the TimThumb image resizer to upload malicious PHP files to the site. In that scenario, it was probable that the utility run only a partial check on hostnames which mean hackers can upload and execute arbitrary code in the .PHP cache directory. The malware attack has used the BlackHole exploit kit, which redirected the website’s visitors to an external malware-hosting site yielding a huge loss.
The effect of malware was such a devastating that, it was detected around 3,500 unique infected WordPress sites which redirected visitors to malicious sites within four to five days, i.e. in between August 28 to 31. This type of attack was detected by senior researcher Jan Sirmer who had discovered that around 151,000 users had been hit with the malicious redirect from other compromised WordPress sites and thus, during September month, the company blocked redirects from 2,515 WordPress sites. After this event, the entire IT fields have been thrilled and the measures for its protection were planned to be taken and finally it was concluded that it is recommended for WordPress sites that they must employ strong login credentials and a fix must be available for the TimThumb tool in order to prevent such type of big damages.
Although, this is the fact that the damage or loss which has happened is difficult to recover, but still implying the quotation that “prevention is better than cure”, we can learn lesson from this incident and can apply some preventive measures which can avoid such type of problems to occur in future. Now the bloggers and webmasters who possess a WordPress driven site need not to worry, now the solution to this problem has been searched out which will let these problems not to exist for a lot more.