Security is a top concern for WordPress site owners and rightly so: there are over 7.5 million cyber attacks on WordPress sites every hour. Unsurprisingly, the open-source nature and flexibility of WordPress make it vulnerable to a host of diverse attacks. But its core is quite secure, as the WordPress team is dedicated to maintaining the structural integrity of the application.
However, the same cannot be said for all WordPress themes and plugins.

A malware attack was recently discovered by John Castro of Sucuri. The malware places 10-12 lines of code at the top of the vulnerable WordPress theme's header.php files in order to redirect visitors to malicious sites.

This article will provide details of the attack, as well as tips for securing your site against such attacks in the future.

How the Malware Attack Works

As mentioned earlier, the malware places 10-12 lines of code at the top of an active WordPress theme's header.php file. The code appears as follows:

[Image: Malware injection in header.php file]
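
To check a site for this kind of injection, the following Python sketch (an added example, not code from the original article or from Sucuri) scans each theme's header.php for the redirect domain and tracking cookie name this article reports, and for redirect, cookie or user-agent code placed ahead of the doctype. The risky-call patterns, function names and both sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicators named in the article: first-hop redirect domain and tracking cookie.
IOC_STRINGS = ("default7.com", "896diC9OFnqeAcKGN7fW")
# Assumed heuristics: calls a theme rarely needs ahead of the doctype.
RISKY_CALLS = {
    "redirect header": re.compile(r"\bheader\s*\(\s*['\"]\s*Location", re.I),
    "setcookie": re.compile(r"\bsetcookie\s*\(", re.I),
    "user-agent check": re.compile(r"HTTP_USER_AGENT"),
    "eval/decoder": re.compile(r"\b(eval|base64_decode|gzinflate)\s*\(", re.I),
}
PHP_COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)
# Constructed sample files; the real injected code is not reproduced here.
CLEAN = "<?php\n/** Theme header. */\n?><!DOCTYPE html>\n<html>\n"
INFECTED = ('<?php\nif (!isset($_COOKIE["896diC9OFnqeAcKGN7fW"])) {\n'
            '  setcookie("896diC9OFnqeAcKGN7fW", "1", time() + 31536000);\n'
            '  header("Location: http://default7.com/");\n}\n?>' + CLEAN)

def scan_header(source: str) -> list[str]:
    """Return findings for the contents of one header.php."""
    findings = [f"known indicator: {s}" for s in IOC_STRINGS if s in source]
    # The injected block sits at the top of the file, so inspect only the
    # code ahead of the doctype, with comments stripped to cut false positives.
    m = re.search(r"<!DOCTYPE", source, re.I)
    preamble = PHP_COMMENTS.sub("", source[: m.start()] if m else source[:2000])
    findings += [f"before doctype: {name}"
                 for name, rx in RISKY_CALLS.items() if rx.search(preamble)]
    return findings

def scan_themes(themes_dir: Path) -> dict[str, list[str]]:
    """Scan <theme>/header.php for every theme under wp-content/themes."""
    report = {}
    for header in sorted(themes_dir.glob("*/header.php")):
        hits = scan_header(header.read_text(errors="replace"))
        if hits:
            report[header.parent.name] = hits
    return report

def demo() -> dict[str, list[str]]:
    """Write the two constructed samples to a temp themes dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("clean-theme", CLEAN), ("hit-theme", INFECTED)):
            (Path(tmp) / name).mkdir()
            (Path(tmp) / name / "header.php").write_text(body)
        return scan_themes(Path(tmp))

if __name__ == "__main__":
    print(demo())
```

On a real site, point `scan_themes` at the `wp-content/themes` directory; a hit is a prompt to diff the file against a clean copy of the theme, not proof of infection.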
The malware redirects visitors to default7.com (not the final redirect destination) on their first visit. It then sets the “896diC9OFnqeAcKGN7fW” cookie to track returning visitors for a year and tests for search engine crawlers. If there are no bots, it checks the user agent header.

Redirects are random for everyone. Also, default7.com is just the first redirect destination. Visitors are then redirected to the following domains (depending on IP address and browser):