WordPress was recently the target of an SEO malware injection attack that has been known to evade detection. How does a WordPress malware injection attack work and what should enterprises do to prevent it?
The word malware covers far more than a Windows PC getting infected with a virus, though that is often the first thing people think of. Malware is, generally, malicious software with its own unique characteristics, and it affects Windows and Mac OSes, mobile devices, servers, IoT devices and so on.
Some malicious software targets specific applications, like the open source word processing software WordPress. This type of attack is called SEO malware injection.
Cloud-based security company Sucuri recently blogged about two websites infected with search engine optimization (SEO) injection malware. SEO attacks occur when search engine results are manipulated by an attacker to rank the attacker's webpages higher than legitimate webpages.
Sucuri described SEO malware injection attacks as inserting spam content into WordPress pages that are then indexed by search engines. Sucuri didn't address how the attacker accessed the WordPress sites, but it could have been via a compromised account, insecure WordPress plugins or out-of-date software, to mention a few.
To handle an SEO malware injection attack, WordPress can be protected by following these steps, assuming other aspects of your enterprise security program provide defense in depth:
- keep WordPress and all of its plugins up to date, which you can accomplish by enabling auto-updates;
- use secure account management, like multifactor authentication, to protect admin accounts;
- use an encrypted connection for WordPress management;
- limit public access to the system to only trusted systems to limit the attack surface;
- back up the system securely;
- if the resources are available, use a web application firewall;
- review the WordPress security guide; and
- consider this expert advice on how to run a secure WordPress installation.
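As an added example (not code from the article or from Sucuri), the script below audits a `wp-config.php` for settings that undercut two of the steps above: automatic updates and encrypted management connections. It assumes the standard WordPress constants `AUTOMATIC_UPDATER_DISABLED`, `WP_AUTO_UPDATE_CORE`, `FORCE_SSL_ADMIN`, `WP_HOME` and `WP_SITEURL`; the two sample files are constructed, and plugin auto-updates and multifactor authentication are configured elsewhere, so they are not checked here.

```python
import re

# Matches define( 'NAME', value ); as written in wp-config.php.
DEFINE_RE = re.compile(r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.M)
TRUE, FALSE = {"true", "1"}, {"false", "0"}

def parse_defines(text):
    """Return {constant: value} for define() calls that are not commented out."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)      # block comments
    text = re.sub(r"^\s*(//|#).*$", "", text, flags=re.M)  # whole-line comments
    found = {}
    for name, value in DEFINE_RE.findall(text):
        # PHP keeps the first definition of a constant; later ones are ignored.
        found.setdefault(name, value.strip("'\"").lower())
    return found

def audit(text):
    """List settings that work against the update and encryption steps above."""
    d, findings = parse_defines(text), []
    if d.get("AUTOMATIC_UPDATER_DISABLED") in TRUE:
        findings.append("AUTOMATIC_UPDATER_DISABLED is on: no automatic updates run")
    if d.get("WP_AUTO_UPDATE_CORE") in FALSE:
        findings.append("WP_AUTO_UPDATE_CORE is off: core is not auto-updated")
    if d.get("FORCE_SSL_ADMIN") not in TRUE:
        findings.append("FORCE_SSL_ADMIN is not set to true in this file")
    for name in ("WP_HOME", "WP_SITEURL"):
        if d.get(name, "").startswith("http://"):
            findings.append(f"{name} uses http:// instead of https://")
    return findings

# Constructed sample files, not taken from any real site.
WEAK = """<?php
define( 'WP_HOME', 'http://blog.example.com' );
define( 'AUTOMATIC_UPDATER_DISABLED', true );
// define( 'FORCE_SSL_ADMIN', true );
"""
HARDENED = """<?php
define( 'WP_HOME', 'https://blog.example.com' );
define( 'WP_AUTO_UPDATE_CORE', true );
define( 'FORCE_SSL_ADMIN', true );
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```

A finding for `FORCE_SSL_ADMIN` means only that the file does not force it; confirm separately that the admin area is actually served over HTTPS.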