If you are a WordPress admin, you need to check if your site is infected by the infamous cloudflare.solutions malware.

A few month ago, Researchers at Sucuri, a web security company, discovered two infections related to cloudflare.solutions. The company reports that the malware and attack are back.

The malware is a bigger threat to WordPress-powered sites that offer e-commerce services because it is designed to steal payment details. “If hackers manage to steal the admin credentials, they can just log into the site without relying on a flaw to break into the site,” wrote The Hacker News.

Although the new attack is not as widespread as the original, the return of the malware does show that website admins didn’t protect their sites after the first attack. It’s very likely that most WordPress admins may not even be aware of the problem.

According to The Hacker News, “More than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors’ computers to mine digital currencies but also logs visitors’ every keystroke.”

“To clean up a website that has been compromised with this infection, you’ll need to remove the malicious code from the theme’s functions.php, scan the wp_posts table for possible injections, change all WordPress passwords(!), and update all server software, including third-party themes and plugins,” wrote Sucuri in a blog post.

If you are a WordPress admin, you might want to try the Sucuri plugin to check how to clean your website of any infected code.