A public advisory to fellow bloggers: many free WordPress themes available online contain dodgy links or even malicious code.
Here is some information on how to find safe ones.
I use the (non-free) Thesis theme, but would prefer if other people stopped adopting it. There are too many sites that look just like mine already…
Author: Milan
In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. Between 2005 and 2007 I completed an M.Phil in IR at Wadham College, Oxford. I worked for five years for the Canadian federal government, including completing the Accelerated Economist Training Program, and then completed a PhD in Political Science at the University of Toronto in 2023.
View all posts by Milan
New Linux malware uses 30 plugin exploits to backdoor WordPress sites
https://www.bleepingcomputer.com/news/security/new-linux-malware-uses-30-plugin-exploits-to-backdoor-wordpress-sites/
A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript.
According to a report by antivirus vendor Dr. Web, the malware targets both 32-bit and 64-bit Linux systems, giving its operator remote command capabilities.
The main functionality of the trojan is to hack WordPress sites using a set of hardcoded exploits that are run successively, until one of them works.