A free weekly Newsletter with a round-up of WordPress news and articles
WordPress Spam Campaign Abuses Google Tag Manager Scripts
A recent WordPress attack abused Google Tag Manager to redirect visitors to a spam page, Sucuri researchers reported last week. The attack avoided the use of files or infection via themes and plugins by injecting a script directly into the wp_options and wp_posts tables. The script was added under the option name ihaf_insert_body in the wp_options table, causing it to be injected into the body of every page on the targeted site.
WP Engine’s AI Toolkit Vectorizes WordPress Sites For Smart Search
WP Engine announced the release of its AI Toolkit, a way to easily integrate advanced AI search and product recommendations into WordPress websites, plus a Managed Vector Database that enables developers to easily integrate AI features directly into websites. WP Engine’s AI Toolkit helps WordPress site owners improve search and content visibility without requiring a steep technical learning curve. Smart Search AI is easily enabled in just a few clicks.
Stealthy Backdoor in WordPress Plugins Gives Attackers Persistent Access to Websites
A sophisticated WordPress malware campaign has been discovered operating through the rarely monitored mu-plugins directory, giving attackers persistent access to compromised websites while evading traditional security measures. The malicious code, identified as wp-index.php, exploits WordPress’s “must-use plugins” functionality to maintain continuous operation without the possibility of deactivation through the admin panel.
