WordPress is a free and open-source content management system (CMSes) with plugins architecture and a template system. It has schemes that allow professionals and novices alike to create amazing websites with ease. Because of great popularity and easily available development features WordPress is often a target of cybercriminals seeking ways to launch their malicious activities.
In a recent incident detected by security researchers, Cybercriminals attacked vulnerable WordPress sites to install scammy e-commerce stores with the purpose of lowering a site’s search engine ranking and reputation. With the help of brute-force attacks, the attackers got access to the site’s admin account. After gaining the access, attackers overwrote the site’s main index file and appended malicious code.
Hijacking WordPress for SEO spamming has become a big trouble for branded websites. Researchers also discovered that attackers are injecting malicious PHP files into the WordPress sites to ensure a steady flow of SEO spam links. So it is high-time for WordPress to ensure best cybersecurity practices and fix these vulnerabilities in order to prevent such attacks in future.