Malware has already infected more than 20,000 WordPress sites: How can we protect ourselves?
Over 20,000 WordPress sites have been infected by the persistent DollyWay malware. Learn how to protect your site with updates, security tools, and best practices.

- March 20, 2025
- Updated: March 20, 2025 at 1:59 PM

A persistent malware campaign known as DollyWay has compromised over 20,000 WordPress websites worldwide, redirecting users to fraudulent gambling, crypto, and sweepstakes sites. Security researchers at GoDaddy have been tracking this threat, which has evolved over the years to improve its evasion tactics and reinfection strategies. Given its ability to bypass security measures and repeatedly infect sites, website owners must take proactive steps to protect their platforms.
Understanding the DollyWay malware
DollyWay has been active since at least 2016 and currently generates 10 million impressions per month, making it a highly profitable operation for cybercriminals. The malware exploits vulnerabilities in WordPress plugins and themes, allowing attackers to inject malicious code that redirects visitors to scam websites.
To evade detection, DollyWay triggers its redirects only when a visitor clicks on something, so logged-in users, bots, and direct visitors remain unaffected. This makes it harder for security tools to detect and block the threat.
How to protect your WordPress site
Keep all plugins and themes updated
Cybercriminals exploit n-day vulnerabilities, meaning they target known weaknesses in outdated plugins and themes. Regularly updating all components removes the known weaknesses these attacks rely on.
Use security plugins and monitoring tools
Install firewall and malware detection plugins such as Wordfence or Sucuri. These tools can help identify suspicious activities and unauthorized changes to your site.
Restrict access and use strong authentication
Limit access to trusted administrators, enforce strong passwords, and enable two-factor authentication (2FA) to reduce the risk of unauthorized logins.
Perform regular backups
Frequent site backups ensure that, in case of an infection, you can restore a clean version of your website without significant data loss.
Scan for malware and clean infected files
Use security tools to scan your site for malicious scripts. If infected, follow WordPress security guides to manually remove malicious code or seek professional help.
By implementing these security measures, website owners can reduce the risk of malware infections and protect their visitors from falling victim to fraudulent schemes.