Matt Morrow
Browsing Category
WordPress Security
652 posts
Fake WordPress Caching Plugin Used to Steal Admin Credentials
A common trend we see is that bad actors will upload malicious plugins to WordPress sites. These plugins serve a wide variety of functions from…
Vulnerability & Patch Roundup — May 2025
Sucuri Malware Research Team Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Fake Java Update Popup Found in Malicious WordPress Plugin
Puja Srivastava We recently assisted a customer who reported a persistent and concerning “Java Update” pop-up appearing on their WordPress website. This type of deceptive notification is…
Fake Google Meet Page Tricks Users into Running PowerShell Malware
Last month, a customer reached out to us after noticing suspicious URLs on their WordPress site. Visitors reported being prompted to perform unusual actions. We…
Another Fake Cloudflare Verification Targets WordPress Sites
Kayleigh Martin A new Cloudflare infection has once again been targeting WordPress sites. This new iteration of malware mimics a legitimate-looking Cloudflare verification page, which then tricks…
Vulnerability & Patch Roundup — April 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
When Good Software Goes Bad
Most often bad actors try their best to hide their activities by using obfuscated code or by uploading fake plugins or themes that inject simple…
Ad-Jacked: Cybercriminals Inject Google Adsense into WordPress
Recently, we’ve encountered cases where WordPress websites were impacted by Google Adsense hijackers. Attackers inject advertisements and scripts that steal website resources and pump ad…
Fake Font Domain Used to Skim Credit Card Data
Recently, a client of ours came to us concerned about credit card theft on their WordPress site. The client’s users reported that their credit card…
Vulnerability & Patch Roundup — March 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Hidden Malware Strikes Again: Mu-Plugins Under Attack
At Sucuri, our security researchers continually monitor for new malware variants and infection techniques targeting WordPress websites. Recently, we’ve uncovered multiple cases where threat actors…