According to several reports, shared hosting sites such as GoDaddy, Blue Host and DreamHost have had their customer’s open source WordPress blogs hacked.
On Friday, reports started coming in about a WordPress attack in which malware code was being inserted into WordPress templates.
The attack has only affected WordPress blogs on shared hosting sites, no private server WordPress installs have reportedly been hit.
Initially, the attack was believed to be targeting only older versions of WordPress.
“The bottom line resolution is to be sure you have the most up-to-date versions of your applications within your entire hosting account,” GoDaddy Chief Information Security Officer Todd Redfoot said in a statement to customers on Friday.
However, David Dede reported on his Sucuri Security blog, “We are seeing multiple reports today of WordPress sites (running their latest version) getting compromised.”
As of Monday, it remains unclear where the security leak is coming from.
“I am assuming that if the problem was on WordPress itself,” Dede said, “the number of infected sites would be much much bigger. Maybe a plugin is vulnerable or someone stole lots of passwords.”
If you believe your site could be compromised, be careful visiting your site because you could get infected with the malware. Information on how to clean up your blog can be found here.