WordPress is one of the first content management systems that comes to mind when it comes to creating and editing a site. The fact that WordPress is a free and easy-to-understand personal publishing system is one of the main reasons why it is so popular, with bloggers and amateur websites in particular.
If you recently visited a website and were randomly redirected to the same “resources” or unwanted ad pages, it could mean two things: the site in question was most likely built with WordPress tools or has been hacked. According to a new study, WordPress themes and plugins known to have security vulnerabilities can be targeted by hackers.
Hackers have attacked 6,000 sites in the past month alone.

Researchers at Sucuri, a security provider owned by GoDaddy, warn that hackers are injecting malicious scripts into WordPress themes and plugins with known vulnerabilities. Sucuri researchers state that 322 WordPress sites use plugins and themes affected by the new exploit in question, and point out that the actual number of affected websites is likely to be much higher.
Sucuri malware analyst Krasimir Konov reports that hackers attacked 6,000 sites with this tactic in April alone. Konov stated that the intrusion was noticed as a result of investigating WordPress sites with unwanted-redirect complaints; the files and databases of all these sites contained hidden malicious JavaScript. Konov noted that this JavaScript redirected users to phishing pages and pages with malware; he adds that users usually don’t realize they are in a dangerous situation because the redirected landing page looks quite harmless.
In his statement on the subject, Konov said: “This page tricks unsuspecting users into subscribing to push notifications from the malicious site. If users click on the fake CAPTCHA, they opt in to receive unwanted ads even when the site is not open, and the ads look like they are coming from the operating system, not from a browser.”
Worse, Konov underlines that push notification opt-in maneuvers are one of the most common methods hackers use to enable tech support scams. This fraud method involves windows that suddenly appear on your device, indicating that it is infected with a virus and that you need to call a phone number to fix the problem. Because users fall into this trap and call the number, hackers achieve their goals.
WordPress states that plugins and themes are scanned regularly

In a conversation with Gizmodo, WordPress.com noted that plugins and themes are written independently. With regard to Sucuri’s report, the company said that all plugins or themes available on WordPress.org are “scanned regularly for vulnerabilities.”
“If security vulnerabilities are detected, plugin and theme authors are notified promptly. Every unpatched plugin in Sucuri’s report is either taken down or not hosted on WordPress.org. WordPress.org also provides security-related resources to both theme developers and plugin developers.” A WordPress.com spokesperson added that by default, WordPress notifies and encourages its users to update core software, plugins, and themes.