Skip to Main Content
Thousands of WordPress Sites Hacked

Thousands of WordPress Sites Hacked

20 June 2022

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

After a recent investigation, security researchers found that countless WordPress sites have fallen victim to a hacking campaign.

The widespread campaign is responsible for injecting malicious JavaScript code into thousands of compromised WordPress websites over the past few months. The hacked JavaScript code on these websites sends visitors through a series of website redirects to serve them unwanted ads.

The security attack was discovered and reported by Sucuri, a GoDaddy owned security provider. Their research revealed that the months-long hacking campaign has been targeting security holes in WordPress themes and plugins.

The discovery of the campaign was following an enormous complaint of unwanted website redirects.

The injected JavaScript creates redirects that leads website visitors to phishing pages, malware and other malicious sites. To the average eye, the landing page of the redirected website could look innocent, so users may not even realize they’ve stumbled upon a hacked website.

In some cases, unsuspecting website visitors will receive unwanted ads and push notifications if they click on the fake CAPTCHA. Worst of all, these ads will look like they come from the operating system, not the browser. These push notifications are a tactic used by hackers to attack users with a common tech support scam. The notifications will appear as the system operator, claiming that the computer is running slow or infected. The notifications will then suggest that the user calls a number to fix the problem.

It’s important to note that the compromised websites are related to WordPress themes or plugins built by third-party developers with WordPress software, and not directly associated with

The report published by Sucuri found that there are at least 322 WordPress plugins and themes that have fallen victim to the security attack. Sucuri also notes that the “actual number of impacted websites is likely much higher.”

In fact, 6000 websites have been reported as infected by this campaign in April alone.

This unfortunate security attack reminds us how important it is to make sure your website is safe and secure from hackers.

Custom web design and marketing solutions from our business to yours

Get a free quote.


Recent Posts

Improving Customer Service: Live Chat - Part 3.

Improving Customer Service: Live Chat - Part 3.


Let’s start this third installment by investigating a more technical aspect of your janitorial supply company’s live chat.

Read More
Secure Your Website Today

Secure Your Website Today


This post discusses ways to secure your website, including an overview of PCI compliance and how secure forms can help protect your data.

Read More

View All Entries