
Watch out! Cyber threat compromises over 7,000 WordPress sites


Since mid-December, a significant new cyber security threat has infected over 7,000 WordPress websites that use a vulnerable Popup Builder plugin. This plugin is currently used on 200,000 websites to build custom marketing and informational pop-ups. Known as the “Balada Injector”, this malware campaign has compromised the security of many WordPress websites worldwide. Its ability to inject malicious code into site files, leading to malicious activities such as unwanted adverts or theft of sensitive user information, leaves both visitors and site owners at risk.

Keep your site protected

Here are some tips for WordPress admins to help defend against the Balada Injector:

  • Keep your site and plugins updated

The first line of defence against the Balada Injector is ensuring all WordPress themes and plugins are up to date with the latest software version to strengthen security and reduce the risk of exploitation and unauthorised access. You should also uninstall anything that is no longer needed or supported on the site; this will keep the attack surface as minimal as possible and reduce the risk of a breach.
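One way to check both points in this tip (pending updates and plugins that are installed but unused) is to audit the plugin inventory that WP-CLI reports. This is an added example, not NEBRC's own tooling; it assumes WP-CLI is installed, `WP_PATH` is a hypothetical environment variable pointing at the site, and the sample inventory and its version numbers are constructed.

```shell
#!/bin/sh
# Audit a WordPress plugin inventory for pending updates and inactive plugins.
# Input is the CSV produced by WP-CLI:
#   wp plugin list --fields=name,status,update,version --format=csv

audit_plugins() {
    # Reads CSV on stdin, prints one finding per line:
    #   UPDATE <name> <version>   an update is available for the plugin
    #   UNUSED <name> <version>   the plugin is installed but inactive
    awk -F',' '
        NR == 1 { next }                       # skip the CSV header row
        $3 == "available" { printf "UPDATE %s %s\n", $1, $4 }
        $2 == "inactive"  { printf "UNUSED %s %s\n", $1, $4 }
    '
}

count_findings() {
    # $1 = finding type (UPDATE or UNUSED); reads audit_plugins output on stdin
    grep -c "^$1 " || true                     # grep exits 1 on zero matches
}

# Constructed sample inventory (versions are placeholders, not advisory data).
SAMPLE_CSV='name,status,update,version
popup-builder,active,available,0.0.1
akismet,active,none,0.0.2
hello,inactive,none,0.0.3
old-gallery,inactive,available,0.0.4'

if command -v wp >/dev/null 2>&1 && [ -n "${WP_PATH:-}" ]; then
    # Live run against a real site (WP_PATH is an assumed variable name).
    wp --path="$WP_PATH" plugin list \
        --fields=name,status,update,version --format=csv | audit_plugins
else
    # No WP-CLI or no site configured: run on the constructed sample.
    printf '%s\n' "$SAMPLE_CSV" | audit_plugins
fi
```

Every `UPDATE` line is a plugin to patch, and every `UNUSED` line is a candidate for removal rather than just deactivation, since inactive plugin files still sit on the server.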

  • Create strong passwords

Weak passwords can be cracked in a matter of seconds; a long, random password makes it harder for criminals to gain unauthorised access to your WordPress site. The NCSC recommends combining three random words so that your password can’t be easily cracked. Avoid the most common passwords, and make sure each password is unique, that is to say, it is not used to authenticate to any other service or account.

  • Back up your WordPress site regularly

Prepare yourself for the worst-case scenario by taking routine back-ups of your website and ensuring they are secure. In the event of a cyber-attack, you can then get your site back up and running quickly and efficiently with minimal business disruption.

  • Keep yourself and your business informed

At the NEBRC, we are a police-led not-for-profit organisation dedicated to your security. We work closely with you to keep your data safe and reduce the risk of a cyber-attack. We offer a dedicated cyber security awareness training course to help develop your knowledge and understanding of cyber security. Visit our website to find out about our Cyber Security Services or complete a Business Risk Check so we can assess your business’s needs.