Google has blacklisted 11,000 domains because of a new malware campaign targeting compromised WordPress websites. It's possible that the SoakSoak campaign has hit more than 100,000 WordPress-powered websites, the Sucuri Web security company noted.
"The biggest issue is that the RevSlider plugin is a premium plugin, it's not something everyone can easily upgrade, and that in itself becomes a disaster for website owners," Sucuri noted in a blog post. "Some website owners don't even know they have it, as it's been packaged and bundled into their themes. We're currently remediating thousands of sites, and when engaging with our clients, many had no idea the plugin was even within their environment."
Sucuri has a free site scanner that will be able to determine if your WordPress website is compromised. If compromised, site operators must locate code added to wp-includes/template-loader.php and purge suspicious looking code.