More than one million WordPress sites have been infected with malicious code that redirects users to phishing sites, according to security researchers. The attackers used all known and recently discovered theme and plugin vulnerabilities to breach WordPress sites. The researchers have urged WordPress site owners to update all plugins and themes to their latest versions and to install a web application firewall to protect their sites from similar attacks. They have also advised users to be cautious when entering their credentials on any website.
Read the full article here.
