Sergey Nivens - Fotolia
WordPress was recently the target of an SEO malware injection attack that has been known to evade detection. How does a WordPress malware injection attack work and what should enterprises do to prevent it?
The word malware refers to many things beyond a Windows PC getting infected with a virus, but that is often the first thing people think of. Malware is generally malicious software that has unique characteristics and impacts Windows and Mac OSes, mobile devices, servers, IoT devices, and so on.
Some malicious software targets specific applications, like the open source word processing software WordPress. This type of attack is called SEO malware injection.
Cloud-based security company Sucuri recently blogged about two websites infected with search engine optimization (SEO) injection malware. SEO attacks occur when search engine results are manipulated by an attacker to rank the attacker's webpages higher than legitimate webpages.
Sucuri described SEO malware injection attacks as inserting spam contents into WordPress pages that are then indexed by search engines. Sucuri didn't address how the attacker accessed the WordPress sites, but it could have been via a compromised account, insecure WordPress plugins or out-of-date software, to mention a few.
In terms of how to handle an SEO malware injection attack, WordPress can be protected by following these steps, assuming other aspects of your enterprise security program provide in-depth defense:
- keep WordPress and all of its plugins up to date, which you can accomplish by enabling auto-updates;
- use secure account management, like multifactor authentication, to protect admin accounts;
- use an encrypted connection for WordPress management;
- limit public access to the system to only trusted systems to limit the attack surface;
- back up the system securely;
- if the resources are available, use a web application firewall;
- review the WordPress security guide; and
- consider this expert advice on how to run a secure WordPress installation.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
A screaming channel attack is a new wireless threat making networks -- particularly those with IoT components -- vulnerable. Are there any safeguards... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.