Attackers Inject Code into WordPress Theme to Redirect Visitors

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Analysis of a recent attack on WordPress themes shows attackers injecting malicious code into the theme's footer.php file. The injected code uses a function called r2048 to retrieve a URL from a remote server and redirect visitors to it. The method is particularly insidious because the change is not visible from the WordPress dashboard. The attackers use either cURL or file_get_contents to fetch the redirection URL, which lets them control the destination dynamically based on factors such as the user's browser or device. The technique underscores the importance of regular theme and plugin audits and of securing FTP and SSH access to prevent unauthorized file modifications.
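
An added example, not code from the original report: a small Python audit script that scans a theme directory for the indicators named in the summary (the r2048 helper and the cURL / file_get_contents fetch calls). The regular expressions and the suspicious/review/clean verdicts are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Indicators come from the summary: the r2048 helper name and the two fetch
# primitives it is said to use. The regexes themselves are assumptions.
# PHP function names are case-insensitive, hence re.I.
RULES = {
    "r2048-helper": re.compile(r"\br2048\s*\(", re.I),
    "curl-fetch": re.compile(r"\bcurl_(?:init|exec)\s*\(", re.I),
    # Variable or literal http(s) argument; local-path literals are ignored.
    "file_get_contents-fetch": re.compile(
        r"\bfile_get_contents\s*\(\s*(?:\$|['\"]https?://)", re.I),
}


def scan_php(text):
    """Return (line_number, rule_name) for every indicator hit in PHP source."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.append((no, name))
    return hits


def verdict(hits):
    """r2048 is a strong match; fetch calls alone only warrant manual review."""
    names = {name for _, name in hits}
    if "r2048-helper" in names:
        return "suspicious"
    return "review" if names else "clean"


def scan_theme(root):
    """Scan every .php file under a theme directory; map relative path -> hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_php(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path.relative_to(root))] = hits
    return report


if __name__ == "__main__":
    # Usage: python audit_theme.py wp-content/themes/<theme>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, hits in scan_theme(target).items():
        print(verdict(hits), rel, hits)
```

Because the injection is not visible from the dashboard, run a check like this against the files on disk, and treat a "review" result as a prompt to compare the file with a known-good copy of the theme.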

OPENCTI LABELS:

wordpress, curl, code injection, redirect, footer.php, theme injection, file_get_contents, r2048 function


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only user credentials shown on the login page banner.