Malware targeting WordPress 3.2.x sites


A number of users on our servers appear to have been affected by a malware run targeting WordPress 3.2.1 sites. Our malware scanner attempted to go through and clean all of these up, but it appears to have removed several infected core files rather than replacing them with clean copies.

This only affects a handful of sites, but the whole WP Engine team is going through and reinstating the removed core files from affected sites as of now.

Furthermore, due to the attack vector used to infect these sites, we are encouraging all customers still on the WordPress 3.2.x branch or lower to upgrade to WordPress 3.3.1 immediately.

If you happen to need help upgrading to 3.3.1, please contact our support team and we will be more than happy to help you out.

Update: After careful examination by our security team, this run was targeting a handful of different exploits in plugins and themes. WordPress 3.2.1 appeared to be the common vector, but as far as we know that code is still secure. Regardless, it is suggested that you upgrade to WordPress 3.3.1 as soon as you can as various improvements have been made to the software since WordPress 3.2.1’s release.


  1.  Upgrade Wordpress | Blog Muhammad Saroji

Leave a Reply