Dozens of WordPress sites have been hacked in recent weeks to surreptitiously distribute lists of illegal “top casinos”, without their owners being aware of it. This growing phenomenon is a cause for concern, as it is no longer limited to WordPress.
Frank Kruit, aka MeneerCasino.com, regularly draws attention to the positioning of illegal casinos on Google via his linkedin account. He recently made an alarming observation after identifying more than 30 compromised WordPress sites. These platforms, which were often inactive or poorly maintained, had been hijacked to host misleading content promoting unregulated online casinos. In the majority of cases, the owners were not even aware of this.
The hackers’ modus operandi is discreet: instead of defacing the sites or blocking access, they insert SEO-optimised pages with highly competitive keywords such as ‘top online casino’ or ‘best Belgian casino’. The aim? To manipulate search engines to generate traffic to illegal operators, without arousing the suspicions of webmasters.
Flaws in the WordPress ecosystem
An analysis of the 30 hacked sites revealed a number of technical similarities. Among them, the massive use of certain plugins:
- Contact Form 7, present on 19 of the 30 sites,
- Elementor, Jetpack and WPBakery, often combined,
- Popular themes such as Astra, Motors, Uncode or Croma.
Even more worryingly, at least seven sites used plugins or themes with no identified developer or update history. In other words, the door was wide open to malicious scripts.
Tests confirm the scale of the problem in Belgium too
To check the extent of the problem, we analysed 12 compromised sites used to promote lists of illegal casinos operating in Belgium. Results:
- 8 used Elementor,
- 5 had the Yoast SEO plugin,
- 4 Contact Form 7,
- 4 Site Kit by Google.
Revealingly, one of the sites was not even based on WordPress, demonstrating that this type of piracy is not limited to WordPress. Other web platforms are also being targeted, and the threat is becoming more widespread.
A threat to the integrity of search results
The pages inserted by hackers are often well constructed, with advanced SEO optimisation. They parasitise organic search results by positioning themselves on strategic queries, particularly in the online gaming sector.
This type of content harms not only legitimate publishers, but also end users, who may be redirected to unauthorised or even fraudulent operators. It’s a double whammy: for sites that are victims of piracy, and for Internet users exposed to illegal offers.
Webmasters often powerless
Contacted by Frank Kruit, several owners and developers of affected sites confirmed that they were aware of the intrusion, although they were unable to determine the precise cause. Some suspect the action of automated bots scanning for known flaws in plugins or themes, while others admit to being completely helpless.
The lack of updates, negligent back-ups and the installation of free resources without checking their origin are all factors that increase the risk.
How can you protect yourself against this type of piracy?
The first line of defence is rigorous digital hygiene:
- Systematically update all plugins, themes and the core of WordPress,
- Delete unused or dubious extensions,
- Avoid plugins with no identifiable author or that have not been updated for a long time,
- Secure access to the administration interface (2FA, strong passwords),
- Monitor your site regularly with tools such as Wordfence or Sucuri.
But beyond the technical aspects, it’s a whole new awareness that’s needed: a website is a potential target as soon as it has a little authority or age.
Towards a safer Internet: wishful thinking?
Although some pirated sites have been cleaned up, Frank Kruit believes that the general reaction is still too slow.
‘The safer Internet is not moving fast enough,’ he concludes.
He calls on publishers to be more vigilant.