WordPress Security News & Updates

Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign

Puja Srivastava

March 6, 2025

During a recent website security investigation, we uncovered a malicious JavaScript injection affecting a WordPress website. The infection was responsible for redirecting visitors to unwanted…

Read the Post

Vulnerability & Patch Roundup — February 2025

Sucuri Malware Research Team

February 28, 2025

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…

Read the Post

Fake WordPress Plugin Impacts SEO by Injecting Casino Spam

Kayleigh Martin

February 26, 2025

Injecting malware via a fake WordPress plugin has been a common tactic of attackers for some time. This clever method is often used to bypass…

Read the Post

WordPress ClickFix Malware Causes Google Warnings and Infected Computers

Ben Martin

February 21, 2025

Since December of last year there has been a new fake Google reCAPTCHA campaign making its way through the WordPress world. Very similar to malware…

Read the Post

When Spam Hides In Plain Sight

Matt Morrow

February 19, 2025

We recently worked on an interesting case where Casino spam was visible in the page source, but couldn’t be located in any of the usual…

Read the Post

Hidden Backdoors Uncovered in WordPress Malware Investigation

Puja Srivastava

February 14, 2025

At Sucuri, we often encounter cases where malware is deeply embedded in websites, hidden in files and scripts that can easily escape detection. In this…

Read the Post

Vulnerability & Patch Roundup — January 2025

Sucuri Malware Research Team

January 31, 2025

Read the Post

Malware Redirects WordPress Traffic to Harmful Sites

Puja Srivastava

January 23, 2025

Recently, a customer approached us after noticing their website was redirecting visitors to a suspicious URL. They suspected their site had been compromised and sought…

Read the Post

Japanese Spam on a Cleaned WordPress Site: The Hidden Sitemap Problem

Puja Srivastava

January 15, 2025

While investigating a compromised WordPress site, we discovered a malware infection causing Japanese spam links to appear in Google search results. Although the site had…

Read the Post

Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection

Puja Srivastava

January 9, 2025

Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card…

Read the Post

Sucuri December 2024 Vulnerability Roundup

Vulnerability & Patch Roundup — December 2024

Sucuri Malware Research Team

January 7, 2025

Read the Post