WordPress

Hackers Attack Websites: What You Need to Know

Mar 6th 2025

WordPress Websites Get Hit

Over 1,000 WordPress websites were attacked. Hackers used sneaky JavaScript code, which added four secret doors called backdoors. These backdoors let hackers come back even if someone finds one. A smart researcher named Himanshu Anand explained this on Wednesday. He said the four doors make it super easy for attackers to keep sneaking in.
The bad code comes from a website called cdn.csyndication[.]com. So far, 908 sites have this dangerous link. Here’s what the four backdoors do:
  • Backdoor 1: It puts a fake plugin called “Ultra SEO Processor” on the site. Then, hackers use it to give orders.
  • Backdoor 2: It adds bad JavaScript to a file called wp-config.php.
  • Backdoor 3: It sneaks a special key into a file so hackers can keep coming back.
  • Backdoor 4: It runs commands and grabs more bad stuff from gsocket[.]io, maybe to open a secret tunnel.
To stay safe, people should delete weird keys, change their WordPress passwords, and check their logs for anything strange.

Another Big Attack

But that’s not all! Hackers also hit over 35,000 websites with a different trick. This time, the code takes over your browser and sends you to Chinese gambling sites. These sites use the “Kaiyun” name, and they’re in Mandarin, a language from China.
The trick starts with JavaScript from five websites:
  • mlbetjs[.]com
  • ptfafajs[.]com
  • zuizhongjs[.]com
  • jbwzzzjs[.]com
  • jpbkte[.]com
These sites load the main bad code that pushes you to gambling pages. It’s a big problem because it surprises visitors and takes them somewhere they didn’t want to go.

Magento Sites in Trouble Too

There’s more! A group called ScreamedJungle is attacking Magento websites. They’ve hit over 115 online stores so far. They use a code called Bablosoft JS to spy on visitors. This code grabs info about your computer and browser, like a fingerprint.
The attackers sneak in because of weak spots in Magento, like CVE-2024-34102 (CosmicSting) and CVE-2024-20720. They started this in May 2024, and they want money. A company from Singapore said this Bablosoft tool is part of a bigger kit that collects details about you.
Fingerprinting is cool for websites to track what you like, but hackers use it to pretend they’re you. They trick security and do bad things with that info.
Tags:
Share:
Facebook X LinkedIn Reddit Tumblr Pinterest VK WhatsApp
Author:
John Bauer

John Bauer

Featured Articles

Categories

Tags

tag-icon wordpress 119 tag-icon WordPress plugins 40 tag-icon WooCommerce 30 tag-icon Plugin Vulnerability 19 tag-icon Best Wordpress Plugins 19 tag-icon plugins 19 tag-icon Plugin 17 tag-icon SEO 14 tag-icon WordPress Themes 14 tag-icon update 11 tag-icon WordPress plugin 9 tag-icon news 8 tag-icon e-commerce 8 tag-icon Must Have plugins 8 tag-icon Gutenberg 8 tag-icon security 7 tag-icon free plugins 7 tag-icon Website 7 tag-icon Search Engine Optimization 7 tag-icon WordPress Websites 6 tag-icon WooCommerce Plugin 6 tag-icon E-Commerce Website 6 tag-icon WordPress vulnerabilities 6 tag-icon Gutenberg editor 6 tag-icon Plugins 2019 6 tag-icon Yoast SEO 5 tag-icon WordPress Site 5 tag-icon wordpress news 4 tag-icon wordpress gutenberg 4 tag-icon Mailchimp 4 tag-icon WooCommerce store 4 tag-icon Google 4 tag-icon WordPress Templates 4 tag-icon Online Store 3 tag-icon Discount 3 tag-icon Wordfence 3 tag-icon Gutenberg Hub 3 tag-icon plugins 2020 3 tag-icon wordpress gutenberg blocks 3 tag-icon WordPress Security Issues 3 tag-icon SEO Plugins 3 tag-icon free WordPress plugins 3 tag-icon photo editing plugins 3 tag-icon themes 3 tag-icon security plugins 3 tag-icon WordPress 5.2 3 tag-icon Google Analytics 3 tag-icon Stripe 3 tag-icon WooCommerce Site 3 tag-icon Content Creation 3