{"id":1664,"date":"2026-05-01T14:23:16","date_gmt":"2026-05-01T14:23:16","guid":{"rendered":"https:\/\/www.mogacode.ma\/21-sites-wordpress-infectes-nuit\/"},"modified":"2026-05-02T08:42:02","modified_gmt":"2026-05-02T08:42:02","slug":"21-sites-wordpress-infectes-nuit","status":"publish","type":"post","link":"https:\/\/www.mogacode.ma\/en\/21-sites-wordpress-infectes-nuit\/","title":{"rendered":"21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d&rsquo;Exp\u00e9rience MogaCode"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"1664\" class=\"elementor elementor-1664 elementor-bc-flex-widget\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-sec_a3f7246 elementor-section-stretched elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"sec_a3f7246\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-col_fff4177\" data-id=\"col_fff4177\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-htm_ace4b03 elementor-widget elementor-widget-html\" data-id=\"htm_ace4b03\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t\t<style>\n.mg-article *{box-sizing:border-box;margin:0;padding:0}\n.mg-article{font-family:-apple-system,BlinkMacSystemFont,'Inter','Segoe UI',sans-serif;background:#0f0f0f;color:#f0f0f0;line-height:1.6}\n.mg-article .article-header{padding:80px 24px 48px;background:#0f0f0f;max-width:800px;margin:0 auto}\n.mg-article .article-meta{color:#888;font-size:0.875rem;margin-bottom:16px;letter-spacing:0.02em}\n.mg-article .article-meta span{display:inline-block;margin-right:16px}\n.mg-article .article-title{font-size:2.5rem;font-weight:800;line-height:1.2;margin-bottom:24px;color:#f0f0f0}\n.mg-article .article-lead{font-size:1.2rem;color:#ccc;line-height:1.6;border-left:4px solid #FF6B35;padding-left:20px}\n.mg-article .article-body{max-width:800px;margin:0 auto;padding:48px 24px}\n.mg-article .article-body h2{font-size:1.75rem;font-weight:700;margin:48px 0 16px;color:#f0f0f0}\n.mg-article .article-body h3{font-size:1.3rem;font-weight:600;margin:32px 0 12px;color:#FF6B35}\n.mg-article .article-body p{margin-bottom:20px;line-height:1.8;color:#d0d0d0}\n.mg-article .article-body ul,.mg-article .article-body ol{padding-left:24px;margin-bottom:20px}\n.mg-article .article-body li{margin-bottom:8px;line-height:1.7;color:#d0d0d0}\n.mg-article .article-body blockquote{border-left:4px solid #FF6B35;padding:16px 24px;background:#1a1a1a;margin:32px 0;font-style:italic;color:#ccc;border-radius:0 8px 8px 0}\n.mg-article .highlight-box{background:#1a1a1a;border:1px solid #2a2a2a;border-radius:8px;padding:24px;margin:32px 0}\n.mg-article .highlight-box h3{margin-top:0;color:#FF6B35}\n.mg-article .code-block{background:#111;border:1px solid #2a2a2a;border-radius:8px;padding:20px;font-family:monospace;font-size:0.875rem;color:#a8ff78;overflow-x:auto;margin:24px 0;white-space:pre}\n.mg-article .inline-cta{background:linear-gradient(135deg,#FF6B35,#e85a20);border-radius:8px;padding:32px;text-align:center;margin:48px 0}\n.mg-article .inline-cta h3{color:#fff;margin-bottom:12px;font-size:1.5rem;margin-top:0}\n.mg-article .inline-cta p{color:rgba(255,255,255,0.85);margin-bottom:24px}\n.mg-article .btn-white{display:inline-block;background:#fff;color:#FF6B35;font-weight:700;padding:14px 28px;border-radius:6px;text-decoration:none;font-size:1rem}\n.mg-article .author-box{display:flex;gap:16px;align-items:center;background:#1a1a1a;border-radius:8px;padding:24px;margin:48px 0;border:1px solid #2a2a2a}\n.mg-article .author-avatar{width:64px;height:64px;border-radius:50%;background:#FF6B35;display:flex;align-items:center;justify-content:center;font-size:1.5rem;font-weight:800;color:#fff;flex-shrink:0}\n.mg-article .author-info h4{margin:0 0 4px;font-size:1rem;font-weight:600;color:#f0f0f0}\n.mg-article .author-info p{margin:0;color:#888;font-size:0.875rem}\n.mg-article .article-cta-bottom{background:#141414;padding:64px 24px;text-align:center;border-top:1px solid #2a2a2a}\n.mg-article .article-cta-bottom h2{font-size:1.75rem;font-weight:700;margin-bottom:16px;color:#f0f0f0}\n.mg-article .article-cta-bottom p{color:#888;max-width:560px;margin:0 auto 28px;line-height:1.7}\n.mg-article .btn-orange{display:inline-block;background:#FF6B35;color:#fff;font-weight:700;padding:14px 28px;border-radius:6px;text-decoration:none;font-size:1rem}\n.mg-article .timeline{border-left:2px solid #2a2a2a;padding-left:24px;margin:32px 0}\n.mg-article .timeline-item{position:relative;margin-bottom:32px}\n.mg-article .timeline-item::before{content:'';position:absolute;left:-31px;top:6px;width:12px;height:12px;border-radius:50%;background:#FF6B35;border:2px solid #0f0f0f}\n.mg-article .timeline-time{font-size:0.8rem;font-weight:700;color:#FF6B35;text-transform:uppercase;letter-spacing:0.05em;margin-bottom:4px}\n.mg-article .timeline-item p{margin-bottom:0;color:#d0d0d0}\n.mg-article .stat-grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(160px,1fr));gap:16px;margin:32px 0}\n.mg-article .stat-card{background:#1a1a1a;border:1px solid #2a2a2a;border-radius:8px;padding:20px;text-align:center}\n.mg-article .stat-card .stat-value{font-size:2rem;font-weight:800;color:#FF6B35;display:block;line-height:1}\n.mg-article .stat-card .stat-label{font-size:0.8rem;color:#888;margin-top:8px;display:block}\n<\/style>\n\n<div class=\"mg-article\">\n  <div class=\"article-header\">\n    <div class=\"article-meta\">\n      <span>Securite WordPress<\/span>\n      <span>22 avril 2026<\/span>\n      <span>Lecture : 11 min<\/span>\n    <\/div>\n    <h1 class=\"article-title\">21 Sites WordPress Infectes en une Nuit : le Retour d'Experience de MogaCode<\/h1>\n    <p class=\"article-lead\">Dans la nuit du 21 au 22 avril 2026, 21 sites clients heberges sur le compte Infomaniak principal de MogaCode ont ete compromis simultanement. Voici le recit complet \u2014 vecteur d'attaque, methode de nettoyage, 14 backdoors supprimees, et les lecons que nous en avons tirees.<\/p>\n  <\/div>\n\n  <div class=\"article-body\">\n\n    <div class=\"stat-grid\">\n      <div class=\"stat-card\">\n        <span class=\"stat-value\">21<\/span>\n        <span class=\"stat-label\">Sites infectes<\/span>\n      <\/div>\n      <div class=\"stat-card\">\n        <span class=\"stat-value\">14<\/span>\n        <span class=\"stat-label\">Backdoors identifiees<\/span>\n      <\/div>\n      <div class=\"stat-card\">\n        <span class=\"stat-value\">12h<\/span>\n        <span class=\"stat-label\">Pour tout nettoyer<\/span>\n      <\/div>\n      <div class=\"stat-card\">\n        <span class=\"stat-value\">0<\/span>\n        <span class=\"stat-label\">Client informe d'un incident<\/span>\n      <\/div>\n    <\/div>\n\n    <h2>La decouverte \u2014 2h du matin<\/h2>\n    <p>Tout commence par une alerte Wordfence sur un premier site. Un fichier PHP inconnu vient d'etre modifie dans wp-content\/plugins\/. En ouvrant le fichier, la signature est immediate : un bloc de code obfusque avec une chaine recurrente \u2014 <code style=\"background:#222;padding:2px 6px;border-radius:3px;font-family:monospace;color:#a8ff78\">cAT3VWynuiL7CRgr<\/code>.<\/p>\n    <p>En croisant cette signature sur les autres sites du meme compte Infomaniak, le constat est sans appel : 21 sites sur 21 contiennent le meme pattern. L'infection est systematique, methodique, et date de plusieurs semaines en arriere.<\/p>\n\n    <h2>Le vecteur d'attaque \u2014 plugins nulles<\/h2>\n    <p>L'enquete remonte rapidement a la source. Les plugins incrimines sont tous des versions \"nullees\" (crackees) de plugins WordPress premium :<\/p>\n    <ul>\n      <li><strong>Elementor Pro<\/strong> \u2014 version nullee, telecharge depuis un depot non officiel<\/li>\n      <li><strong>Ultimate Elementor (UE)<\/strong> \u2014 meme origine<\/li>\n      <li><strong>RevSlider<\/strong> \u2014 backdoor incluse dans le code d'activation<\/li>\n    <\/ul>\n\n    <blockquote>\n      Un plugin nulle n'est jamais gratuit. Le \"prix\" que vous payez, c'est une backdoor persistante qui attend ses instructions. Le hacker active la charge utile quand il le decide \u2014 pas au moment de l'installation.\n    <\/blockquote>\n\n    <p>Dans notre cas, la backdoor etait en dormance depuis des semaines. L'activation s'est faite simultanement sur tous les sites le meme soir, probablement via une requete automatisee vers chaque installation compromise.<\/p>\n\n    <h2>Deroulement du nettoyage \u2014 la nuit du 22 avril<\/h2>\n\n    <div class=\"timeline\">\n      <div class=\"timeline-item\">\n        <div class=\"timeline-time\">02:15 \u2014 Detection<\/div>\n        <p>Premiere alerte Wordfence. Identification de la signature cAT3VWynuiL7CRgr sur le premier site. Scan lance sur tous les sites du compte.<\/p>\n      <\/div>\n      <div class=\"timeline-item\">\n        <div class=\"timeline-time\">02:40 \u2014 Cartographie<\/div>\n        <p>21 sites confirmes infectes. Connexion SSH au serveur Infomaniak. Grep recursif sur l'ensemble du compte pour lister tous les fichiers compromis.<\/p>\n      <\/div>\n      <div class=\"timeline-item\">\n        <div class=\"timeline-time\">03:00 \u2014 Isolation<\/div>\n        <p>Les sites les plus critiques (e-commerce, formulaires de contact) passent en maintenance. Aucun client ne sera notifie d'un incident \u2014 le nettoyage sera transparent.<\/p>\n      <\/div>\n      <div class=\"timeline-item\">\n        <div class=\"timeline-time\">03:30 \u2014 Nettoyage en serie<\/div>\n        <p>Suppression systematique de chaque backdoor. Sur certains sites, jusqu'a 3 fichiers infectes distincts. Sur le CRM (crm.coden.lu), 14 backdoors individuelles et une archive de 485 MB de donnees exfiltrees.<\/p>\n      <\/div>\n      <div class=\"timeline-item\">\n        <div class=\"timeline-time\">05:00 \u2014 Reinstallation des cores<\/div>\n        <p>Remplacement de tous les fichiers WordPress core sur les 21 sites. Suppression de tous les plugins nulles. Installation des versions officielles.<\/p>\n      <\/div>\n      <div class=\"timeline-item\">\n        <div class=\"timeline-time\">08:00 \u2014 Durcissement<\/div>\n        <p>Rotation de tous les mots de passe (WP, BDD, FTP). Regeneration des security keys WordPress. Activation de Wordfence Premium sur tous les sites. Revision des permissions fichiers.<\/p>\n      <\/div>\n      <div class=\"timeline-item\">\n        <div class=\"timeline-time\">14:00 \u2014 Remise en production<\/div>\n        <p>Les 21 sites sont nettoyes, durcis et remis en ligne. Aucune donnee client n'a ete perdue. La coupure de service la plus longue : 4 heures sur un seul site.<\/p>\n      <\/div>\n    <\/div>\n\n    <h2>Le cas CRM \u2014 le plus critique<\/h2>\n    <p>Notre CRM interne (Perfex, heberge chez Infomaniak) etait le site le plus gravement atteint. 14 backdoors individuelles avaient ete deposees, et une archive de 485 MB etait en cours d'exfiltration vers un serveur externe au moment de la detection.<\/p>\n    <p>L'exfiltration a ete interrompue avant completion. L'analyse du contenu de l'archive (partiellement recuperee) montre qu'elle contenait principalement des exports de base de donnees et des fichiers de configuration.<\/p>\n    <p>Toutes les credentials ont ete immediatement invalidees et regenerees. Les clients ont ete proactivement informes de la reinitialisation de leurs acces via WhatsApp \u2014 sans mentionner l'incident, par une communication de maintenance planifiee.<\/p>\n\n    <div class=\"highlight-box\">\n      <h3>Ce que nous avons trouve dans les fichiers infectes<\/h3>\n      <p style=\"color:#ccc;margin-bottom:16px\">Trois patterns recurrents dans les backdoors :<\/p>\n      <ul>\n        <li><strong>Eval + base64_decode<\/strong> \u2014 execution de code distant encode en base64, presque invisible dans un fichier PHP volumineux<\/li>\n        <li><strong>Shell distant<\/strong> \u2014 acces SSH-like depuis un navigateur, permettant d'executer des commandes systeme<\/li>\n        <li><strong>Uploader de fichiers cache<\/strong> \u2014 formulaire POST acceptant n'importe quel fichier, camouffle dans un vrai script de plugin<\/li>\n      <\/ul>\n    <\/div>\n\n    <div class=\"inline-cta\">\n      <h3>Vous utilisez des plugins nulles ?<\/h3>\n      <p>Faites auditer votre installation maintenant. Une backdoor peut etre presente depuis des mois sans aucun symptome visible.<\/p>\n      <a href=\"https:\/\/www.mogacode.ma\/en\/audit-gratuit\/\" class=\"btn-white\">Demander un audit gratuit<\/a>\n    <\/div>\n\n    <h2>Les lecons \u2014 ce que nous avons change<\/h2>\n\n    <h3>1. Zero tolerance sur les plugins nulles<\/h3>\n    <p>C'est la lecon la plus evidente, et pourtant la plus ignoree. Un plugin premium coute 50 a 200\u20ac par an. Une infection de ce type coute des dizaines d'heures de travail, des risques RGPD, et potentiellement la confiance de vos clients. Le calcul ne tient pas.<\/p>\n\n    <h3>2. Surveillance active sur chaque site<\/h3>\n    <p>Avant cet incident, Wordfence etait installe sur certains sites mais pas tous. Depuis, chaque site MogaCode a Wordfence Premium actif avec scan quotidien et alerte immediate en cas de modification de fichier.<\/p>\n\n    <h3>3. Separation des comptes d'hebergement<\/h3>\n    <p>21 sites sur le meme compte Infomaniak, c'est pratique pour la gestion \u2014 et catastrophique en cas d'infection. Nous avons depuis migre certains sites vers des comptes isoles. Un compromis sur un compte ne doit plus pouvoir contaminer les voisins.<\/p>\n\n    <h3>4. Sauvegarde hors-serveur quotidienne<\/h3>\n    <p>Les sauvegardes Infomaniak existent mais restent sur le meme serveur. Nous avons mis en place des sauvegardes quotidiennes automatiques vers un stockage S3 independant. Si le serveur est compromis, les backups ne le sont pas.<\/p>\n\n    <h3>5. Security keys et mots de passe en rotation periodique<\/h3>\n    <p>Nous avons adopte une rotation trimestrielle des security keys WordPress et des mots de passe de base de donnees sur tous les sites geres. Ce n'est pas standard dans l'industrie \u2014 mais apres cette nuit, c'est notre standard.<\/p>\n\n    <div class=\"highlight-box\">\n      <h3>Checklist post-incident \u2014 ce que nous verifions maintenant sur chaque site<\/h3>\n      <ul>\n        <li>Tous les plugins viennent du depot officiel WordPress.org ou du site de l'editeur \u2014 jamais d'une source tierce<\/li>\n        <li>Wordfence Premium actif avec scan quotidien et alerte email + WhatsApp<\/li>\n        <li>Aucun compte administrateur inconnu dans la liste des utilisateurs WP<\/li>\n        <li>Aucun fichier PHP dans wp-content\/uploads\/<\/li>\n        <li>Security keys WordPress regenerees depuis moins de 6 mois<\/li>\n        <li>Mot de passe BDD different du mot de passe FTP, different du mot de passe WP<\/li>\n        <li>Sauvegarde hors-serveur testee et restaurable<\/li>\n      <\/ul>\n    <\/div>\n\n    <div class=\"author-box\">\n      <div class=\"author-avatar\">P<\/div>\n      <div class=\"author-info\">\n        <h4>Patrick Rary<\/h4>\n        <p>Fondateur MogaCode \u2014 Expert judiciaire informaticien. Cette nuit du 22 avril 2026 a conduit MogaCode a revoir entierement ses standards de securite pour tous ses sites geres.<\/p>\n      <\/div>\n    <\/div>\n\n  <\/div>\n\n  <div class=\"article-cta-bottom\">\n    <h2>MogaCode Care \u2014 la securite qui ne dort pas<\/h2>\n    <p>Surveillance active, mises a jour, sauvegardes hors-serveur et intervention en cas d'incident. Pour que vous ne viviez jamais cette nuit-la.<\/p>\n    <a href=\"https:\/\/www.mogacode.ma\/en\/sites-wordpress\/\" class=\"btn-orange\">Decouvrir MogaCode Care<\/a>\n  <\/div>\n<\/div>\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>.mg-article *{box-sizing:border-box;margin:0;padding:0} .mg-article{font-family:-apple-system,BlinkMacSystemFont,&rsquo;Inter&rsquo;,&rsquo;Segoe UI&rsquo;,sans-serif;background:#0f0f0f;color:#f0f0f0;line-height:1.6} .mg-article .article-header{padding:80px 24px 48px;background:#0f0f0f;max-width:800px;margin:0 auto} .mg-article .article-meta{color:#888;font-size:0.875rem;margin-bottom:16px;letter-spacing:0.02em} .mg-article .article-meta span{display:inline-block;margin-right:16px} .mg-article .article-title{font-size:2.5rem;font-weight:800;line-height:1.2;margin-bottom:24px;color:#f0f0f0} .mg-article .article-lead{font-size:1.2rem;color:#ccc;line-height:1.6;border-left:4px solid #FF6B35;padding-left:20px} .mg-article .article-body{max-width:800px;margin:0 auto;padding:48px 24px} .mg-article .article-body h2{font-size:1.75rem;font-weight:700;margin:48px 0 16px;color:#f0f0f0} .mg-article .article-body h3{font-size:1.3rem;font-weight:600;margin:32px 0 12px;color:#FF6B35} .mg-article .article-body p{margin-bottom:20px;line-height:1.8;color:#d0d0d0} .mg-article .article-body ul,.mg-article .article-body ol{padding-left:24px;margin-bottom:20px} .mg-article .article-body li{margin-bottom:8px;line-height:1.7;color:#d0d0d0} .mg-article .article-body blockquote{border-left:4px solid #FF6B35;padding:16px 24px;background:#1a1a1a;margin:32px 0;font-style:italic;color:#ccc;border-radius:0 8px 8px 0} [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,16],"tags":[],"class_list":["post-1664","post","type-post","status-publish","format-standard","hentry","category-s-curit-wordpress","category-wordpress"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d&#039;Exp\u00e9rience MogaCode<\/title>\n<meta name=\"description\" content=\"En avril 2026, 21 sites clients infect\u00e9s via plugins null\u00e9s. Comment Patrick Rary a tout nettoy\u00e9 en 12h et les le\u00e7ons apprises.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.mogacode.ma\/en\/21-sites-wordpress-infectes-nuit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d&#039;Exp\u00e9rience MogaCode\" \/>\n<meta property=\"og:description\" content=\"En avril 2026, 21 sites clients infect\u00e9s via plugins null\u00e9s. Comment Patrick Rary a tout nettoy\u00e9 en 12h et les le\u00e7ons apprises.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mogacode.ma\/en\/21-sites-wordpress-infectes-nuit\/\" \/>\n<meta property=\"og:site_name\" content=\"Mogacode\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/mogacode\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-01T14:23:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-02T08:42:02+00:00\" \/>\n<meta name=\"author\" content=\"hello@coden.ma\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@mogacode\" \/>\n<meta name=\"twitter:site\" content=\"@mogacode\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hello@coden.ma\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/21-sites-wordpress-infectes-nuit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/21-sites-wordpress-infectes-nuit\\\/\"},\"author\":{\"name\":\"hello@coden.ma\",\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/#\\\/schema\\\/person\\\/445789c92b6df378ea6f15ad3d8550f7\"},\"headline\":\"21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d&rsquo;Exp\u00e9rience MogaCode\",\"datePublished\":\"2026-05-01T14:23:16+00:00\",\"dateModified\":\"2026-05-02T08:42:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/21-sites-wordpress-infectes-nuit\\\/\"},\"wordCount\":1549,\"publisher\":{\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/#organization\"},\"articleSection\":[\"S\u00e9curit\u00e9 WordPress\",\"WordPress\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/21-sites-wordpress-infectes-nuit\\\/\",\"url\":\"https:\\\/\\\/www.mogacode.ma\\\/21-sites-wordpress-infectes-nuit\\\/\",\"name\":\"21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d'Exp\u00e9rience MogaCode\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/#website\"},\"datePublished\":\"2026-05-01T14:23:16+00:00\",\"dateModified\":\"2026-05-02T08:42:02+00:00\",\"description\":\"En avril 2026, 21 sites clients infect\u00e9s via plugins null\u00e9s. Comment Patrick Rary a tout nettoy\u00e9 en 12h et les le\u00e7ons apprises.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/21-sites-wordpress-infectes-nuit\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.mogacode.ma\\\/21-sites-wordpress-infectes-nuit\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/21-sites-wordpress-infectes-nuit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.mogacode.ma\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d&rsquo;Exp\u00e9rience MogaCode\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/\",\"name\":\"Mogacode - D\u00e9veloppement de sites web et applications \u00e0 Essaouira\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/#organization\",\"name\":\"MogaCode\",\"alternateName\":\"MogaCode SARL-AU\",\"url\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.mogacode.ma\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/ChatGPT-Image-22-oct.-2025-a-09_49_53.png\",\"contentUrl\":\"https:\\\/\\\/www.mogacode.ma\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/ChatGPT-Image-22-oct.-2025-a-09_49_53.png\",\"width\":1024,\"height\":1024,\"caption\":\"MogaCode\"},\"image\":{\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/mogacode\",\"https:\\\/\\\/x.com\\\/mogacode\"],\"description\":\"Agence digitale sp\u00e9cialis\u00e9e en d\u00e9veloppement WordPress, SaaS IA et SEO. Fond\u00e9e \u00e0 Essaouira par un expert judiciaire informaticien avec 30 ans d'exp\u00e9rience IT. Clients en France, Belgique, Luxembourg et Maroc.\",\"email\":\"contact@mogacode.ma\",\"telephone\":\"+212620229114\",\"legalName\":\"MogaCode SARL-AU\",\"foundingDate\":\"2019\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/#\\\/schema\\\/person\\\/445789c92b6df378ea6f15ad3d8550f7\",\"name\":\"hello@coden.ma\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f1817f9bc5dbb82e094a268ef248b84289885c636ab5f8b312f7367f85211e36?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f1817f9bc5dbb82e094a268ef248b84289885c636ab5f8b312f7367f85211e36?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f1817f9bc5dbb82e094a268ef248b84289885c636ab5f8b312f7367f85211e36?s=96&d=mm&r=g\",\"caption\":\"hello@coden.ma\"},\"sameAs\":[\"https:\\\/\\\/coden.ma\"],\"url\":\"https:\\\/\\\/www.mogacode.ma\\\/en\\\/author\\\/hellocoden-ma\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d'Exp\u00e9rience MogaCode","description":"En avril 2026, 21 sites clients infect\u00e9s via plugins null\u00e9s. Comment Patrick Rary a tout nettoy\u00e9 en 12h et les le\u00e7ons apprises.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.mogacode.ma\/en\/21-sites-wordpress-infectes-nuit\/","og_locale":"en_US","og_type":"article","og_title":"21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d'Exp\u00e9rience MogaCode","og_description":"En avril 2026, 21 sites clients infect\u00e9s via plugins null\u00e9s. Comment Patrick Rary a tout nettoy\u00e9 en 12h et les le\u00e7ons apprises.","og_url":"https:\/\/www.mogacode.ma\/en\/21-sites-wordpress-infectes-nuit\/","og_site_name":"Mogacode","article_publisher":"https:\/\/www.facebook.com\/mogacode","article_published_time":"2026-05-01T14:23:16+00:00","article_modified_time":"2026-05-02T08:42:02+00:00","author":"hello@coden.ma","twitter_card":"summary_large_image","twitter_creator":"@mogacode","twitter_site":"@mogacode","twitter_misc":{"Written by":"hello@coden.ma","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mogacode.ma\/21-sites-wordpress-infectes-nuit\/#article","isPartOf":{"@id":"https:\/\/www.mogacode.ma\/21-sites-wordpress-infectes-nuit\/"},"author":{"name":"hello@coden.ma","@id":"https:\/\/www.mogacode.ma\/en\/#\/schema\/person\/445789c92b6df378ea6f15ad3d8550f7"},"headline":"21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d&rsquo;Exp\u00e9rience MogaCode","datePublished":"2026-05-01T14:23:16+00:00","dateModified":"2026-05-02T08:42:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mogacode.ma\/21-sites-wordpress-infectes-nuit\/"},"wordCount":1549,"publisher":{"@id":"https:\/\/www.mogacode.ma\/en\/#organization"},"articleSection":["S\u00e9curit\u00e9 WordPress","WordPress"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mogacode.ma\/21-sites-wordpress-infectes-nuit\/","url":"https:\/\/www.mogacode.ma\/21-sites-wordpress-infectes-nuit\/","name":"21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d'Exp\u00e9rience MogaCode","isPartOf":{"@id":"https:\/\/www.mogacode.ma\/en\/#website"},"datePublished":"2026-05-01T14:23:16+00:00","dateModified":"2026-05-02T08:42:02+00:00","description":"En avril 2026, 21 sites clients infect\u00e9s via plugins null\u00e9s. Comment Patrick Rary a tout nettoy\u00e9 en 12h et les le\u00e7ons apprises.","breadcrumb":{"@id":"https:\/\/www.mogacode.ma\/21-sites-wordpress-infectes-nuit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mogacode.ma\/21-sites-wordpress-infectes-nuit\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mogacode.ma\/21-sites-wordpress-infectes-nuit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.mogacode.ma\/"},{"@type":"ListItem","position":2,"name":"21 Sites WordPress Infect\u00e9s en une Nuit \u2014 Retour d&rsquo;Exp\u00e9rience MogaCode"}]},{"@type":"WebSite","@id":"https:\/\/www.mogacode.ma\/en\/#website","url":"https:\/\/www.mogacode.ma\/en\/","name":"Mogacode - D\u00e9veloppement de sites web et applications \u00e0 Essaouira","description":"","publisher":{"@id":"https:\/\/www.mogacode.ma\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mogacode.ma\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mogacode.ma\/en\/#organization","name":"MogaCode","alternateName":"MogaCode SARL-AU","url":"https:\/\/www.mogacode.ma\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mogacode.ma\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.mogacode.ma\/wp-content\/uploads\/2025\/10\/ChatGPT-Image-22-oct.-2025-a-09_49_53.png","contentUrl":"https:\/\/www.mogacode.ma\/wp-content\/uploads\/2025\/10\/ChatGPT-Image-22-oct.-2025-a-09_49_53.png","width":1024,"height":1024,"caption":"MogaCode"},"image":{"@id":"https:\/\/www.mogacode.ma\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/mogacode","https:\/\/x.com\/mogacode"],"description":"Agence digitale sp\u00e9cialis\u00e9e en d\u00e9veloppement WordPress, SaaS IA et SEO. Fond\u00e9e \u00e0 Essaouira par un expert judiciaire informaticien avec 30 ans d'exp\u00e9rience IT. Clients en France, Belgique, Luxembourg et Maroc.","email":"contact@mogacode.ma","telephone":"+212620229114","legalName":"MogaCode SARL-AU","foundingDate":"2019"},{"@type":"Person","@id":"https:\/\/www.mogacode.ma\/en\/#\/schema\/person\/445789c92b6df378ea6f15ad3d8550f7","name":"hello@coden.ma","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f1817f9bc5dbb82e094a268ef248b84289885c636ab5f8b312f7367f85211e36?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f1817f9bc5dbb82e094a268ef248b84289885c636ab5f8b312f7367f85211e36?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f1817f9bc5dbb82e094a268ef248b84289885c636ab5f8b312f7367f85211e36?s=96&d=mm&r=g","caption":"hello@coden.ma"},"sameAs":["https:\/\/coden.ma"],"url":"https:\/\/www.mogacode.ma\/en\/author\/hellocoden-ma\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mogacode.ma\/en\/wp-json\/wp\/v2\/posts\/1664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mogacode.ma\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mogacode.ma\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mogacode.ma\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mogacode.ma\/en\/wp-json\/wp\/v2\/comments?post=1664"}],"version-history":[{"count":3,"href":"https:\/\/www.mogacode.ma\/en\/wp-json\/wp\/v2\/posts\/1664\/revisions"}],"predecessor-version":[{"id":1700,"href":"https:\/\/www.mogacode.ma\/en\/wp-json\/wp\/v2\/posts\/1664\/revisions\/1700"}],"wp:attachment":[{"href":"https:\/\/www.mogacode.ma\/en\/wp-json\/wp\/v2\/media?parent=1664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mogacode.ma\/en\/wp-json\/wp\/v2\/categories?post=1664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mogacode.ma\/en\/wp-json\/wp\/v2\/tags?post=1664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}