Get All Access for $5/mo

More Than 100,000 WordPress Websites Reportedly Infected by Russian Malware Google has already flagged 11,000 malicious domains -- though it is likely that many more than that have been compromised by a mysterious virus called 'SoakSoak.'

By Geoff Weiss

Opinions expressed by Entrepreneur contributors are their own.

Updated on July 17 at 1:55 p.m. with comments from a WordPress spokesperson.

Over 100,000 WordPress sites have been infected by a Russian virus called SoakSoak, which loads an attack code onto webpages created through the uber-popular blogging platform, according to a report by Ars Technica.

Google has already flagged roughly 11,000 malicious domains -- though it is likely that many more than that have been compromised.

According to Gizmodo, more than 70 million total sites use WordPress as a content-management system -- from personal blogs to Time.com. However, only self-hosted sites that use WordPress have been affected by the malware -- meaning personal blogs are okay.

The aim of the hackers and the consequences of the virus -- whether to steal data or otherwise -- remain unclear.

Related: 5 Lessons Leaders Can Learn From the Sony Hacking Scandal

The malware infiltrated WordPress through a vulnerability in a slideshow plug-in called Slider Revolution. While Slider Revolution has since fixed the bug with updates -- it knew about the vulnerability earlier this fall, according to Gizmodo -- the older version of the plug-in is still bundled with many WordPress themes.

"The biggest issue is that the RevSlider plugin is a premium plugin," wrote Sucuri, an online security firm that was first to identify the infection. "It's not something everyone can easily upgrade and that in itself becomes a disaster for website owners."

Ars Technica notes that Sucuri also offers a free scanner here, which can determine which sites are actively compromised.

A WordPress spokesperson could neither confirm that 100,000 sites had been infected, nor that 70 million sites use the platform as a CMS.

"Automattic [WordPress.com's parent company] is taking action to protect sites from the vulnerability," the company said in a statement. "VaultPress, a backup and security product, has included protection from this vulnerability since it was first announced back in September."

Related: Get This: Sony Hack Reveals Company Stored Passwords in Folder Labeled 'Password'
Geoff Weiss

Former Staff Writer

Geoff Weiss is a former staff writer at Entrepreneur.com.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Most Popular

See all
Side Hustle

The Side Hustle He Started in His College Apartment Turned Into a $70,000-a-Month Income Stream — Then Earned Nearly $2 Million Last Year

Kyle Morrand and his college roommates loved playing retro video games — and the pastime would help launch his career.

By Amanda Breen
Business News

A Former Corporate Lawyer Now Makes Six Figures on YouTube — Here's How She Does It

Here are the secrets to starting and growing a successful YouTube channel, according to a YouTuber with millions of subscribers.

By Sherin Shibu
Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

By Eve Gumpel
Growing a Business

How to Determine The Ideal Length of Your Marketing Emails Your Customers Will Actually Read

Wondering how long your marketing emails should be? Here's what consumers say — so you can send them exactly what they like.

By Liviu Tanase
Business News

Former Starbucks CEO Says Steve Jobs Once Told Him to 'Fire Everyone' on His Leadership Team

Howard Schultz appeared on the 'Acquired' podcast last week.

By Emily Rella
Business News

Y Combinator Helped Launch Reddit, Airbnb and Dropbox. Here's What I Learned From Its Free Startup School.

The famed startup accelerator offers a free course on building a business — and answers five pressing questions for founders.

By Sherin Shibu