WordPress continues to be a victim of its own success. There are so many sites built using the WordPress software that it remains a tempting target for malicious activities. Many WordPress sites are managed by less technically-savvy people, which means that they may not be kept up to date with security patches, and may use plugins that are known to be vulnerable.

Most recently, an active malware campaign (designated “VisitorTracker” by researchers) is using thousands of compromised WordPress sites to direct site visitors to servers hosting attack code connected with the Nuclear exploit kit.

If you run a WordPress site, please make sure that it’s up to date, and that you only use plugins that are compatible with the latest version of WordPress, and that the plugins are themselves up to date. If you suspect that your site has been compromised, take it offline and rebuild it.