hackers - website care plan

Malicious WordPress Redirect Campaign Attacking Several Plugins

I use WordFence Security on all of my sites because of their reputation and solid software that scans my client websites, alerts me to potential issues and can isolate problem code.  They have a well-staffed detection team and in my opinion do the best job without a huge impact on server resources.


Would you like YOUR site to be protected, AND have a bullet-proof restore option in case of emergency?  Take a look at our Website Care Plans, which include premium hosting with peace of mind included.  #LWDwebsitecareplan


Here’s a snippet from the latest Wordfence threat report.   No worries, if you’re a client of ours – we’ve not used any of the affected software.

Over the past few weeks, our Threat Intelligence team has been tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities. These attacks seek to maliciously redirect traffic from victims’ sites to a number of potentially harmful locations.

Each of the vulnerabilities targeted by this campaign have been public for some time, and Wordfence users are protected either by individual firewall rules or generic protections built into the plugin.

Each of these plugins have updates available which resolve the vulnerabilities. All WordPress users, regardless of firewall status, are advised to keep their plugins up-to-date at all times.

Read more here:  https://www.wordfence.com/blog/2019/08/malicious-wordpress-redirect-campaign-attacking-several-plugins/

Affected plugins:

  • NicDark Plugins – Unauthenticated Arbitrary Options Update
  • Simple 301 Redirects Addon – Bulk Uploader <= 1.2.5 – Unauthenticated Options Update
  • Woocommerce User Email Verification
  • Yellow Pencil Visual Theme Customizer
  • Coming Soon and Maintenance Mode
  • Blog Designer

Remember, a website care plan is the best insurance for your online presence!

Scroll to Top