Important Vulnerability on Advanced Custom Fields Plugin for WordPress

 

WP-VCD is a hacking campaign that’s responsible for the vast majority of WordPress malware infections. It has launched massive campaigns that have been very effective. Conducted on weekends, when many security staff are off the job, its campaigns have infected around two million WordPress sites. 

 

 

 

Imunify360 has six core components: Web Application Firewall, Linux Malware Scanner, Proactive Defense, IDS/IPS, WebShield, and Cloud-Based Security. The last component, Cloud-Based Security, runs according to what we call heuristics. 

In Imunify360, heuristics are a set of rules based on information coming in from thousands of Imunify-protected servers all over the world. These servers send threat information to the Imunify cloud server, where it’s automatically processed by dozens of scripts. It’s also manually processed by our Analytics team. 

At 11am EST on Friday 3 April, we’ll be conducting a live webinar on the new features and updates of Imunify360. Sign up and join the conversation on what’s new with our automated server protection suite.

The recording of the webinar is available here.

 

 

Some Imunify360 customers don’t use the Auto Cleanup option because they’re afraid that it will break client web sites. They’re afraid that if a WordPress index.php file gets infected, for instance, the file will be blocked by Malware Scanner for Linux servers, and the web site will go down.

These fears are unfounded. Malware Scanner removes malicious code that’s been injected into a file, while leaving the rest of the file intact. It also removes malicious files that have been included into other files. Enabling Auto Cleanup is completely safe and effective.