top of page
Search

Over 20,000 WordPress Sites Infected by Malware: How to Stay Protected

  • Writer: Tech Waves
    Tech Waves
  • Mar 21
  • 2 min read

WordPress Sites
WordPress Sites

A widespread malware campaign known as DollyWay has compromised more than 20,000 WordPress websites worldwide, redirecting visitors to fraudulent gambling, cryptocurrency, and sweepstakes sites. Security researchers at GoDaddy have been monitoring this evolving threat, which has advanced its evasion tactics and reinfection methods over the years. Given its ability to bypass security defenses and repeatedly infect websites, site owners must take proactive measures to safeguard their platforms.


What is DollyWay Malware?


DollyWay has been active since 2016, generating over 10 million impressions per month. It exploits vulnerabilities in WordPress plugins and themes, allowing attackers to insert malicious code that redirects visitors to scam websites.

To avoid detection, DollyWay only activates redirects when users click on elements, ensuring that logged-in administrators, bots, and direct visitors remain unaffected. This stealthy approach makes it difficult for security tools to detect and remove the threat.


How to Secure Your WordPress Site


1. Keep Plugins and Themes Updated


Hackers target n-day vulnerabilities, which are weaknesses in outdated plugins and themes. Regular updates help patch these security gaps and protect your site from exploitation.


2. Use Security Plugins and Monitoring Tools

Install reputable firewall and malware detection tools, such as Wordfence or Sucuri, to monitor and prevent unauthorized changes to your site.


3. Restrict Access and Strengthen Authentication


  • Limit administrator access to trusted users only

  • Use strong passwords and enforce two-factor authentication (2FA)

  • Regularly review and remove suspicious admin account


4. Perform Regular Backups


Frequent backups ensure that you can restore a clean version of your site in case of an infection, minimizing data loss.

5. Scan for Malware and Remove Infections


Use security scanning tools to detect malware on your site. If infected, follow WordPress security guidelines to manually remove malicious code or seek professional assistance.


Stay Vigilant Against Cyber Threats


By implementing these security best practices, WordPress site owners can reduce the risk of malware infections and protect their visitors from fraudulent redirects and scams. Proactive security maintenance is key to ensuring a safe and trustworthy online experience.

Commentaires

Subscribe to Our Newsletter

  • White Facebook Icon

© 2035 by TheHours. Powered and secured by Wix

bottom of page