WordPress site owners need to act fast as a widespread malicious redirect campaign is actively exploiting vulnerabilities in multiple popular plugins to send visitors to harmful websites.
If you run a WordPress website, now is the time to pay close attention to your plugin directory. Reports from multiple media platforms and security researchers have confirmed a malicious redirect campaign actively targeting WordPress installations. The attackers are exploiting known vulnerabilities in several plugins, hijacking sites and redirecting unsuspecting visitors to harmful destinations. This kind of attack can damage your reputation, compromise your users, and undermine the trust you have worked hard to build.
Malicious redirects are particularly insidious because they often go unnoticed by the site owner. Everything might look perfectly normal on your end, but every person who visits your pages gets silently shuffled off to a different, often dangerous, website. These destinations frequently host phishing scams designed to steal personal information, malware downloads that can infect devices, or deceptive advertisements meant to fraudulently generate revenue for the attackers. When a customer or reader lands on one of these malicious pages through your site, the damage to your brand can be difficult to repair.
The attackers behind this campaign are relying on a fairly straightforward approach. Instead of discovering zero-day vulnerabilities that no one has ever seen before, they are scanning the web for outdated plugins with known security flaws that administrators have neglected to patch. It is a numbers game for them. They cast a wide automated net across the internet, locate sites running vulnerable software, and systematically inject their malicious redirect code. According to a detailed analysis published by Wordfence, this specific campaign has targeted a wide range of plugins, exploiting weaknesses that developers had often already identified and fixed in newer versions.
Here's a list of plugins where potential vulnerabilities have been found:
https://wordpress.org/plugins/nd-shortcodes/
https://wordpress.org/plugins/nd-donations/
https://wordpress.org/plugins/nd-travel/
https://wordpress.org/plugins/nd-booking/
https://wordpress.org/plugins/nd-learning/
https://wordpress.org/plugins/simple-301-redirects-addon-bulk-uploader/
https://wordpress.org/plugins/woo-confirmation-email/
https://wordpress.org/plugins/yellow-pencil-visual-theme-customizer/
https://wordpress.org/plugins/responsive-coming-soon/
https://wordpress.org/plugins/blog-designer/
If you have any of these plugins currently installed on your WordPress site, you need to take immediate action. Do not assume that, simply because your site seems fine on the surface, it has not been compromised. The safest and most effective first step is to reach out directly to the developer of each plugin through the official WordPress support forums to confirm whether your specific version is secure. If you cannot get a timely answer, or if you discover that a critical patch is not yet available for your version, disable the plugin entirely until the developer resolves the issue. Running an outdated and vulnerable plugin on a live website is simply not worth the risk to your business or your audience.
Beyond handling the specific plugins involved in this current campaign, take this situation as a clear warning to tighten your overall security posture. Every plugin and theme you install on your WordPress site is a potential entry point for attackers. The fewer plugins you actively run, the smaller your attack surface becomes. Conduct a thorough audit of your current setup and delete anything you are no longer actively using. Deactivated plugins can still pose a lingering risk if their files remain on your server, so be thorough and remove them completely from your directory.
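To check a server against the plugin list above, including deactivated plugins whose files are still on disk, the following Python script can be used. It is an added example, not code from the original article or from Wordfence; it assumes the standard wp-content/plugins layout (the default path is an assumption) and reports the Version header of each flagged plugin it finds.

```python
"""Flag plugins named in this article that are present on disk (added example)."""
import re
import sys
from pathlib import Path

# Slugs taken from the plugin list in this article.
FLAGGED_SLUGS = {
    "nd-shortcodes", "nd-donations", "nd-travel", "nd-booking", "nd-learning",
    "simple-301-redirects-addon-bulk-uploader", "woo-confirmation-email",
    "yellow-pencil-visual-theme-customizer", "responsive-coming-soon",
    "blog-designer",
}

# WordPress reads plugin metadata from a header comment near the top of a PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def plugin_version(plugin_dir):
    """Return the Version header from the plugin's main file, or None if absent."""
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if "Plugin Name:" in head:
            match = HEADER_RE.search(head)
            return match.group(1) if match else None
    return None


def audit_plugins(plugins_dir):
    """List (slug, version) for every flagged plugin whose files are on disk.

    Scans the directory itself, so deactivated plugins are reported too.
    """
    found = []
    for entry in sorted(Path(plugins_dir).iterdir()):
        if entry.is_dir() and entry.name.lower() in FLAGGED_SLUGS:
            found.append((entry.name, plugin_version(entry)))
    return found


if __name__ == "__main__":
    # Assumed default path; pass your own wp-content/plugins directory as argv[1].
    target = Path(sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins")
    if not target.is_dir():
        print(f"not a directory: {target}", file=sys.stderr)
    else:
        for slug, version in audit_plugins(target):
            print(f"{slug}\tversion={version or 'unknown'}\tconfirm with developer or remove")
```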
Also, make sure you have a reliable WordPress Security Plugin installed on your website. A strong security suite does much more than just scan for known malware signatures. It actively monitors your site files for suspicious changes, blocks repeated brute-force login attempts from bots, and can virtually patch certain vulnerabilities before you even have the chance to update. Leading options like Wordfence, Sucuri, or iThemes Security provide robust firewall protection that can intercept malicious redirect attempts before they ever reach your visitors. Pairing a quality security plugin with a rigorous schedule for applying updates is the most effective way to ensure your site remains safe and trustworthy in a constantly evolving threat landscape.
Data source: https://www.wordfence.com/blog/2019/08/malicious-wordpress-redirect-campaign-attacking-several-plugins/