Security firm Sucuri announced that roughly 2,000 WordPress websites were found to be infected with malicious keyloggers, which can capture users passwords. This is very similar to the Cloudflare[.]Solutions attack from December, reported here.
A keylogger is a piece of software that stores every keystroke a user makes and returns that data somewhere else; in this case, transmitted back to the malicious party. This means that usernames, passwords, or anything else typed into a web form or text box can be captured and therefore compromised. ArsTechnica reports that the attacks were successful because they exploited weaknesses in out of date software.
With approximately 76 million WordPress sites in the world, 2,000 compromised sites is not catastrophic. But it’s a good reminder to practice good security for your website: keep your software up to date and update your passwords regularly.
If you need help keeping your website up to date and free from hackers, SaviorLabs has a monthly service called WebCare that keeps you site updated and working at peak capacity. Call us today at 978-561-6025or request more information at https://saviorlabs.com/contact/ and we will get back with you shortly.