Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

Red shield security alert graphic warning to patch the SimpleHelp RMM vulnerability

ACSC warns of large-scale attack hitting Australian WordPress sites

The Australian Cyber Security Centre has issued an alert about a global exploitation campaign targeting content management systems — and many Australian small businesses have already been hit.

Attackers are scanning websites for known vulnerabilities in WordPress plugins, Joomla, Craft CMS and other platforms, then deploying webshells — small scripts that give them persistent remote access to your web server. Once a webshell is in place, an attacker can steal credentials, plant malware, deface pages or use your server as a launchpad for further attacks.

The list of targeted WordPress plugins is long: Ninja Forms, Gravity Forms, WPvivid Backup, Breeze Cache, GutenKit, and over a dozen others. The ACSC notes the campaign may be AI-assisted, allowing attackers to exploit newly disclosed flaws faster than ever. As BleepingComputer reported, the vulnerabilities being exploited are all public and have patches available — the issue is that many site owners simply haven’t applied them.

This is a pattern we see constantly across Australian SMB environments: a WordPress site gets built, a handful of plugins are installed, and then nobody touches the software again until something breaks. That gap between “installed” and “maintained” is exactly what this campaign exploits.

What to do now

Log into your WordPress dashboard (or ask whoever manages your site) and update every plugin, theme and WordPress core to the latest version. Remove any plugins you’re not actively using — they’re just extra attack surface. Enable automatic updates where possible. If you’re not sure whether your site has already been compromised, ask your IT provider to check for unfamiliar files in your web directories.

If your business website is part of your managed IT environment, your provider should already be handling this. If it’s not — that’s worth a conversation.

Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →