Millions of websites running on the WordPress content management system are at risk of attack, it has been claimed.
That’s according to security firm Sucuri, which has found that any WordPress plugin or theme that leverages the genericons package – a series of vector icons embedded in a webfont – is vulnerable, including the JetPack plugin, installed on more than 1m sites, and the TwentyFifteen theme, which is installed in all new WordPress blogs by default.
Sucuri advises website moderators using genericons to see if the package includes the ‘example.html’ file and, if it does, to remove it.
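The check Sucuri describes can be scripted across a whole install. The following is an added example, not code from Sucuri or from this article; it assumes the package sits in a directory named `genericons`, and the script name and the `--remove` switch are hypothetical.

```shell
#!/bin/sh
# Added example: locate (and optionally delete) example.html files bundled
# with the genericons package anywhere under a WordPress directory tree.
# Assumption: the package lives in a directory literally named "genericons".

# Print each example.html that sits directly inside a genericons directory.
find_genericons_examples() {
    root=${1:-.}
    find "$root" -type f -path '*/genericons/example.html' 2>/dev/null | sort
}

# Delete the same files, printing each path as it is removed.
remove_genericons_examples() {
    root=${1:-.}
    find "$root" -type f -path '*/genericons/example.html' \
        -print -exec rm -f -- {} \; 2>/dev/null
}

# Usage (hypothetical script name):
#   sh check-genericons.sh /path/to/wordpress            # report only
#   sh check-genericons.sh /path/to/wordpress --remove   # report and delete
if [ "$#" -ge 1 ]; then
    hits=$(find_genericons_examples "$1")
    if [ -z "$hits" ]; then
        echo "No genericons example.html found under $1"
    elif [ "${2:-}" = "--remove" ]; then
        remove_genericons_examples "$1" | sed 's/^/removed: /'
    else
        printf '%s\n' "$hits" | sed 's/^/found: /'
        echo "Re-run with --remove to delete the files listed above."
    fi
fi
```

Other files named example.html, and the rest of the genericons package, are left untouched.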
If you’re interested in the more technical aspects of this issue, they are described in detail on the Sucuri blog. The warning follows the company’s December report that Google had blacklisted more than 11,000 web domains after a Soaksoak.ru malware campaign compromised more than 10,000 WordPress sites.
Sucuri linked that problem to the Slider issue a few months earlier, which gave hackers the capability to download files directly from servers which had downloaded the ‘Slider Revolution Premium WordPress Plugin’.