KeyLogger Found in WordPress Sites

Thousands of WordPress sites have been infected with a piece of malware that can log user input, a security firm warns.

Written by Marie Boulton, jerram.co.uk.


Hacking is a big problem, and it’s not always easy to spot either. We reported a couple of months ago about the Equifax data breach, where hackers were able to gain unauthorised access to the accounts of millions of people due to a technical oversight regarding their admin password.

Many people believe that big companies are not susceptible to being hacked. However, bleepingcomputer.com has just reported that over 5,500 WordPress sites have been infected by keylogger software. The malicious script is loaded from the “cloudflare.solutions” domain, and anything the user types is monitored. Because the script is loaded on both the front end and the back end, it can also log usernames and passwords. So, what does this mean for you?

Because of the sheer number of WordPress sites on the web, WordPress is a big target for hackers. Hacking WordPress is like having a master key to a lot of the websites on the internet today. Once a hacker finds vulnerabilities within the software, your site automatically becomes more susceptible to being hacked too. When a vulnerability is discovered in a WordPress version, every site in the world running that same version is vulnerable to the same exploit.

The easiest way to detect whether your site has been infected is with a malware scanning tool. Run it regularly and monitor the results. If you’re a developer, you can inspect the site in your browser’s developer tools, or check the network tab for any suspicious WebSocket activity.
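One way to automate that check, as an added example rather than code from the article or from any scanner product: the sketch below parses a page's HTML and reports scripts or inline WebSocket URLs that point at the domain named above or at hosts the site does not expect. The `ALLOWED_HOSTS` list, the sample page and the placeholder paths are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BLOCKED_DOMAINS = {"cloudflare.solutions"}  # the domain named in the article
ALLOWED_HOSTS = {"cdnjs.cloudflare.com"}    # assumption: third parties this site expects
URL_RE = re.compile(r"""(?:https?|wss?)://[^\s'"<>)]+""", re.I)

# Constructed sample page; the paths on the blocked domain are placeholders.
SAMPLE = """<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="//cloudflare.solutions/placeholder.js"></script>
<script>var s = new WebSocket("wss://cloudflare.solutions/placeholder");</script>
<script src="https://stats.unknown-host.example/t.js"></script>"""

def host_matches(host, domains):  # exact host or any subdomain of a listed domain
    return any(host == d or host.endswith("." + d) for d in domains)

class ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.findings = []  # (verdict, where, url)

    def check(self, where, url):
        host = (urlparse(url).hostname or "").lower()
        if not host:
            return  # relative URL, served by the site itself
        if host_matches(host, BLOCKED_DOMAINS):
            self.findings.append(("BLOCKED", where, url))
        elif url.lower().startswith(("ws:", "wss:")) or not host_matches(host, ALLOWED_HOSTS):
            self.findings.append(("REVIEW", where, url))  # unexpected host or any WebSocket

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        if self.in_script and dict(attrs).get("src"):
            self.check("script-src", dict(attrs)["src"])

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script:  # inline script body: look for absolute URLs
            for url in URL_RE.findall(data):
                self.check("inline-url", url)

def audit(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run `audit()` over the saved HTML of both a public page and a logged-in admin page, since the script described above is loaded in the front and back end.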

However, you can minimise your risks by keeping your software up to date and installing any security patches as soon as they’re released. If you don’t have time to do that, we at Jerram offer a support and maintenance package, which ensures your site is always kept up to date. We have spent over 5000 hours on support this year alone, with 5 websites being disinfected after an attack.

Other tips for recognising early that you’ve been hacked are:

  • Visit your site often – when you google it, does it say ‘This website might be harmful to your computer’ or ‘This website may have been hacked’?
  • Search your website often and look for anything abnormal
  • Set up Google alerts in Google Search Console
  • Use a good malware scanner and set up email alerts so you can fix the problem swiftly
  • Investigate customer reports quickly
  • Use a source code scanner
  • Use a website monitoring service that picks up changes quickly
  • Watch for unexplained spikes in traffic
  • Use a remote scanner

Try to be proactive in checking your website periodically. As we’ve mentioned many times before, your website is the face of your business; if it doesn’t work as it should, it will put people off visiting it again. Maintaining a healthy, hack-free website can be a job in itself. If you don’t have the time to give it the attention it needs, get a professional to do it for you.

By knowing what to look out for, if you ever do get hacked, you will be able to alert the necessary people quickly, before any real damage is done.