Weekly Website Trends: WordPress Supply Chain Attack, AI Bots Outpace Google
If this week taught website owners anything, it's that the threats are getting faster and the opportunities are getting weirder.
A popular WordPress plugin was backdoored through its own update channel. AI bots are now crawling more pages than Google. And Amazon just added a fuel surcharge that eats into already-thin margins.
If you missed the previous roundups, catch up on last week's trends and earlier this week. Here are seven new developments that matter right now.
1. WordPress Supply Chain Attack: 800K Sites at Risk
This is the most urgent item on the list.
On April 7, attackers compromised the update infrastructure for Smart Slider 3 Pro — a plugin used on over 800,000 WordPress sites — and pushed a trojanized version (3.5.1.35) through the official update channel. The malicious update was live for approximately 6 hours before detection.
What the backdoor could do:
- Create rogue admin accounts on your WordPress site
- Exfiltrate database credentials, including plaintext admin usernames and passwords
- Execute system commands remotely
- Phone home to a command-and-control server
Only the Pro version was affected — the free version distributed through WordPress.org was not compromised. A clean version (3.5.1.36) has been released by Nextend.
This is a textbook supply chain attack: the malware came through the trusted update channel, bypassing every security measure except post-update file integrity scanning.
What to do now:
- If you use Smart Slider 3 Pro and auto-updated on April 7, assume compromise. Scan for backdoors, rotate all passwords and database credentials, and update to 3.5.1.36
- Audit your WordPress plugin update settings. Consider disabling auto-updates for premium plugins and updating manually after a 24-48 hour delay
- Review your plugin inventory — every plugin is an attack surface. If you're not actively using it, deactivate and remove it
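The file integrity check mentioned above can be as simple as comparing the installed plugin directory against a copy you trust, such as an unpacked clean release. This is an added example, not code from Nextend or any source cited here; the file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return manifest

def compare(trusted, installed):
    """Report how the installed tree differs from the trusted manifest."""
    common = set(trusted) & set(installed)
    return {
        # Files present on the site that the trusted copy does not ship.
        "unexpected": sorted(set(installed) - set(trusted)),
        "missing": sorted(set(trusted) - set(installed)),
        "modified": sorted(p for p in common if trusted[p] != installed[p]),
    }

def write_tree(root, files):
    """Demo helper: create files (relative path -> bytes) under root."""
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed trees: a trusted copy and an installed copy that drifted."""
    with tempfile.TemporaryDirectory() as trusted, tempfile.TemporaryDirectory() as live:
        clean = {"plugin.php": b"<?php // loader", "lib/slider.php": b"<?php // v1"}
        write_tree(trusted, clean)
        write_tree(live, {**clean,
                          "lib/slider.php": b"<?php // changed on disk",
                          "lib/cache.php": b"<?php // not in trusted copy"})
        return compare(snapshot(trusted), snapshot(live))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Any entry under "unexpected" or "modified" is a file to review by hand before trusting the install again.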
2. Amazon Hits FBA Sellers with a 3.5% Fuel Surcharge
Amazon announced a 3.5% fuel and logistics surcharge on all FBA fulfillment fees, effective April 17 in the U.S. and Canada (May 2 for Buy with Prime and Multi-Channel Fulfillment).
That adds roughly $0.17 per standard unit — which doesn't sound like much until you multiply it across thousands of orders per month. For a seller doing 5,000 units/month, that's an extra $850/month in fees.
The driver is geopolitical: the Iran conflict pushed Brent crude from $72/barrel to $126/barrel between late February and mid-March. Hormuz Strait shipping delays have stretched 21-day ETAs to 45 days, with costs up 28% across the board. UPS and FedEx have imposed their own surcharges as well.
Amazon calls it "temporary" but provided no end date.
What to do now:
- Recalculate your per-unit margins with the 3.5% surcharge factored in. Some SKUs may no longer be profitable on FBA
- Consider diversifying fulfillment — if you're 100% FBA, you're 100% exposed to Amazon's fee changes
- If you sell on your own website, this is a good time to push direct-to-consumer sales where you control fulfillment costs. A live chat widget on your ecommerce site can help convert visitors who might otherwise default to Amazon
3. One Year After "Liberation Day" Tariffs — The Damage Report
This week marks one year since the "Liberation Day" tariffs of April 2, 2025. The retrospectives published this week contain numbers every online seller should know.
The impact on small businesses was devastating:
- Small-business importers paid an average of $306,000 in additional tariff costs
- By August 2025, 9 in 10 goods firms had raised prices and 75% reported margin declines despite the increases
- 100,000 manufacturing jobs were lost in the year following
- The average American household paid an extra $1,700 due to tariff-driven price increases
The Supreme Court ruled the IEEPA tariffs unconstitutional in February 2026, but the government had already collected $166 billion from 330,000+ businesses. Refunds are still being processed. New tariffs on steel, aluminum, and pharmaceuticals have replaced the struck-down ones.
What to do now:
- If you import goods, check whether you're eligible for tariff refunds from the overturned IEEPA tariffs
- Diversify your supply chain if you haven't already — single-country sourcing is a proven liability now
- Be transparent with customers about price increases rather than quietly shrinking margins. Transparency builds trust; hidden cost-cutting (smaller packaging, slower shipping) erodes it
4. AI Bots Now Crawl 3.6x More Pages Than Googlebot
This may be the most important long-term trend of the week.
New Q1 2026 crawl data shows that AI/LLM bots — GPTBot, ClaudeBot, PerplexityBot, Bytespider, Amazonbot, and others — now collectively crawl 3.6x more pages than Googlebot. Googlebot's share of verified bot traffic fell from 38.7% to 31.6% in Q1 alone. AI crawlers quadrupled their traffic share from 2.6% to 10.1% in just eight months.
On the consumer side, the shift is just as dramatic: 35% of US consumers now use AI at the product discovery stage, compared to 13.6% who use traditional search — per Similarweb's 2026 data.
This means a new discipline is emerging alongside SEO: Generative Engine Optimization (GEO) — optimizing your website for visibility in AI-generated responses, not just search engine results pages. This week, Durable launched "Discoverability" — a dashboard that shows how your business appears across ChatGPT, Gemini, Grok, and Perplexity — making GEO accessible to small businesses for the first time.
What to do now:
- Check your server logs or analytics for AI bot traffic. You may be surprised how much of your bandwidth goes to LLM crawlers
- Review your robots.txt — decide whether you want AI bots crawling your site. Blocking them saves bandwidth but makes you invisible to AI search
- Start thinking about GEO: structured data, clear FAQ sections, and comprehensive product information help AI models accurately represent your business. A well-maintained knowledge base serves double duty — it trains your own AI chat and makes your content more digestible for external AI crawlers
- Test how your business appears when asked about in ChatGPT, Gemini, and Perplexity. If the answer is wrong or missing, that's your GEO starting point
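To put numbers on the first two steps, here is an added example (not from any of the cited sources) that tallies requests and bytes per crawler from an access log and lists which crawlers a given robots.txt blocks. It assumes the common "combined" log format; the log lines and robots.txt below are constructed.

```python
import re
from collections import Counter
from urllib.robotparser import RobotFileParser

# Crawler names taken from this article, matched case-insensitively in the User-Agent.
BOTS = ["GPTBot", "ClaudeBot", "PerplexityBot", "Bytespider", "Amazonbot", "Googlebot"]
# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} (\d+|-) "[^"]*" "([^"]*)"$')

def tally(lines):
    """Return (request counts, bytes sent) per bot name, with 'other' for the rest."""
    hits, sent = Counter(), Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        size, ua = m.groups()
        # The User-Agent is self-reported: this counts claimed identity, not verified bots.
        bot = next((b for b in BOTS if b.lower() in ua.lower()), "other")
        hits[bot] += 1
        sent[bot] += 0 if size == "-" else int(size)
    return hits, sent

def blocked_bots(robots_txt, path="/"):
    """Names from BOTS that this robots.txt text disallows for the given path."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return [b for b in BOTS if not rp.can_fetch(b, path)]

# Constructed sample data (documentation IP range, made-up requests).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Apr/2026:10:00:01 +0000] "GET /a HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; GPTBot/1.0)"',
    '203.0.113.7 - - [08/Apr/2026:10:00:02 +0000] "GET /b HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; GPTBot/1.0)"',
    '203.0.113.8 - - [08/Apr/2026:10:00:03 +0000] "GET /a HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (compatible; ClaudeBot/1.0)"',
    '203.0.113.9 - - [08/Apr/2026:10:00:04 +0000] "GET /a HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    '203.0.113.10 - - [08/Apr/2026:10:00:05 +0000] "GET /a HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0"',
    'not a log line',
]
SAMPLE_ROBOTS = "User-agent: GPTBot\nDisallow: /\n\nUser-agent: *\nAllow: /\n"

if __name__ == "__main__":
    hits, sent = tally(SAMPLE_LOG)
    total = sum(sent.values()) or 1
    for bot, n in hits.most_common():
        print(f"{bot:14} {n:3} req {sent[bot]:7} B {100 * sent[bot] / total:5.1f}%")
    print("blocked by robots.txt:", blocked_bots(SAMPLE_ROBOTS))
```

robots.txt is advisory, so a crawler that still shows up in the tally after being disallowed has to be handled at the server or CDN.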
5. Chrome's 4th Zero-Day of 2026 — Patch by April 15
Google patched a high-severity zero-day in Chrome (CVE-2026-5281) that was actively exploited in the wild. The vulnerability is a use-after-free bug in Dawn, Chrome's WebGPU implementation — relevant because WebGPU is increasingly used for in-browser ML inference, games, and data visualization.
CISA added it to its Known Exploited Vulnerabilities catalog with a mandatory patch deadline of April 15 for federal agencies. This is Chrome's 4th zero-day of 2026, highlighting an accelerating browser security problem.
In related Chrome news: Chrome 147 went stable on April 7, and Google announced Chrome will move to a 2-week release cycle starting September 2026 (Chrome 153), doubling the current pace.
What to do now:
- Update Chrome immediately on all devices. Check chrome://settings/help for version status
- If you manage a team, push Chrome updates through your device management policy — don't rely on individuals updating
- If your website uses WebGPU features, test that your implementation isn't affected by the patch
6. TikTok Shop Projected to Hit $1 Trillion by 2030
A Flywheel report projects TikTok Shop will capture 14.6% of global marketplace share by 2030, driving roughly $1 trillion in sales — making ByteDance a top-3 global retailer behind Amazon ($1.1T) and Pinduoduo.
TikTok Shop already hit $15 billion in GMV in 2025, growing 68% year-over-year despite ownership uncertainty. It now sits in a tight $15-22B band alongside Walmart's marketplace.
The projected marketplace landscape by 2030:
| Rank | Marketplace | Projected GMV |
|---|---|---|
| 1 | Amazon | $1.1T |
| 2 | Pinduoduo | ~$1T |
| 3 | TikTok Shop | ~$1T |
| 4 | Shopee | ~$400B |
| 5 | Walmart | ~$300B |
For ecommerce merchants, the multi-marketplace strategy is now essential. Amazon captures search-intent volume, Walmart reaches value shoppers, and TikTok Shop drives discovery-based impulse purchases. Running on just one platform leaves money on the table.
What to do now:
- If you sell physical products and aren't on TikTok Shop, evaluate whether your product category fits discovery-driven purchasing (beauty, fashion, home, food, and gadgets perform best)
- Don't treat TikTok Shop like Amazon — it rewards video content, authentic creator partnerships, and trend-riding, not keyword-optimized listings
- Consider your ecommerce conversion optimization across platforms. Each marketplace has different conversion patterns — what works on Amazon won't work on TikTok
7. New AI Tools for Ecommerce Sellers This Week
Several practical tools launched this week that are worth knowing about, per Practical Ecommerce's April 8 roundup:
Goflow Order-Level P&L — Real-time profit tracking per order across your entire catalog. Critical as margins tighten from surcharges, tariffs, and rising fulfillment costs.
Also notable from Practical Ecommerce's April 1 roundup: several new AI creative tools for merchants are entering the market, including AI-powered product photography generators and video creation tools — solving the expensive product photography problem for small sellers who can't afford $50-200 per product shoot.
What to do now:
- If you're struggling to understand per-order profitability (especially with new surcharges), look at Goflow or similar tools before the Amazon surcharge hits April 17
- Explore AI product photography tools if photography is a bottleneck or cost center — the quality gap between AI-generated and professional product images is closing fast
- Keep an eye on the GEO tools category (covered in Section 4) — new platforms are launching weekly as Generative Engine Optimization moves from concept to tooling
The Bottom Line
Two security themes bookend this week — a WordPress supply chain attack and a Chrome zero-day — reminding us that website security isn't a set-it-and-forget-it task. Update everything, audit your plugins, and rotate credentials regularly.
The bigger strategic shift is the rise of AI as a primary traffic source. When AI bots crawl more than Google and 35% of consumers discover products through AI, your website's structured data, knowledge base, and content quality matter more than ever — not just for SEO, but for Generative Engine Optimization.
And with Amazon surcharges, lingering tariff costs, and rising fulfillment expenses, pushing direct-to-consumer sales through your own website — with AI-powered live chat for ecommerce handling the customer experience — is looking smarter every week.
Sources:
- Critical Supply Chain Compromise in Smart Slider 3 Pro — Patchstack
- Smart Slider Updates Hijacked — BleepingComputer
- Backdoored Smart Slider 3 Pro Update — The Hacker News
- Amazon Adds 3.5% Fuel Surcharge — CNBC
- Amazon FBA Surcharge — Retail Dive
- Amazon FBA Surcharge — Supply Chain Dive
- Tariffs and Small Businesses — NPR
- Liberation Day Tariffs Reshaped Business — PYMNTS
- AI Crawlers vs Googlebot — SEOmator
- AI Crawlers vs Search Engine Bots — Colonel Server
- Durable Discoverability Launch — Yahoo Finance
- What is GEO — Similarweb
- Chrome Zero-Day CVE-2026-5281 — The Hacker News
- Chrome's Bigger Browser Security Problem — PCQuest
- TikTok Shop Top Retailers — WWD
- TikTok Shop Drives Social Commerce — Retail Dive
- New Ecommerce Tools April 8 — Practical Ecommerce