WordPress is (still) the leading content management system on the internet, and about 40% of websites are based on it—whether they are small websites, sales websites, or large content portals. The fact that it is so widespread makes it a popular target for cyber attacks and hacks. Hackers take advantage of the fact that website owners do not adhere to basic WordPress security and do not choose secure, high-quality website hosting.
In recent days, many WordPress sites around the world have been hacked. The hack in question used JavaScript code injection to redirect users to scam sites or sites that distribute malicious code, with the aim of generating artificial traffic and fake website promotion.
Files such as jquery.min.js and jquery-migrate.min.js were injected with encrypted code that was activated every time a page on the site was loaded, allowing attackers to create redirects to malicious sites. In some cases, users were redirected to a landing page with a CAPTCHA, which, when clicked, caused ads to pop up on the computer, appearing as if they came from the operating system rather than the browser.
The attackers exploited vulnerabilities in outdated plugins and templates on WordPress sites, infecting thousands of websites.
To strengthen the security of your WordPress site, be sure to update the system whenever there is an update, and also update the plugins and templates. If you have old plugins that haven't been updated in over a year, it is recommended that you remove them and choose an alternative plugin (or do without the plugin altogether). In addition, it is very important to choose a web hosting service that emphasizes security, as this is your first line of defense. Secure web hosting monitors the websites on its servers using advanced tools that are not available to regular website owners, prevents attacks, performs backups, and cleans viruses before they infect your WordPress website.