New WordPress Malware Disables Security Plugins

A new kind of malware was found that affects WordPress, which can disable your security plugins and thereby affects the momentum of your website. It is a PHP written software, which continuously works for disabling active security plugins.

According to Sucuri researchers, the main issue related to this malware, it is undetached. We can’t find it but unless we can only know if they have been attacked our security plugins. But the researchers also claim that the malware can really help us in identifying the security plugins and the non-security plugins because they will be untouched by the malware.

How does it affect WordPress?

The malware itself makes an attempt to obscure its loading step and uses WordPress hooks and variables of coding to twiddle with the protection plugins while not exploiting detectable traces.

Demo by Sucuri – Image Source

Thus plugins scrutinized by a function named “findinSecurity,” which links to a “secList” that serves for the information comparison action. That means, there’s a hardcoded list with known security plugins, and if any of them are found on the target website, then they’re disabled.
The inability to activate these plugins again is attributed to the reason that the malware is injected on the wp-load.php file. Thus, the malware is re-running on each website load. This includes both the website owners and visitors, Therefore, the malware loads every time.

How can we protect our WordPress Site?

So the question is how can we protect our website from this vicious malware?

The only way to deal with the malware is to delete it completely from your website. But for deleting the malware we want to find it first. As the susuri researchers said, the malware is undetached. Then how will we find it?

The only sign we get of the existence of malware is the inability to activate plugins.

  • Server-side scanner
  • Website file integrity monitor

Additional security and risk mitigation steps that the site admins should take is to set up a server-side scanner. This tool can scan the WordPress site on the server level, thus malware code can be detected and deleted.

Similarly, WordPress site file integrity monitors will play a protecting role, informing the admins of suspicious changes due to malware infection.

Therefore, if your website is only relying on your WordPress security plugins, then you are going to face some serious security threats.



Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *