Sucuri security researchers have identified a core component of the WordPress content management systems that allows hackers to install malicious redirects in the sites.
WordPress Can Be Compromised with a Core Component
Sucuri specialists have identified a new security vulnerability in the WordPress content management system which powers a large portion of sites on the Internet. This time its the template loader found in the wp-includes/template-loader.php component which manages the site’s page templates. In the last reported incidents, computer hackers altered the file to redirect the legitimate traffic to a malicious remote site that offers activation keys for Microsoft products.
This attack is very useful in the instances where the hackers want to coerce computer users into buying or selling counterfeit products and services. They rely on the reputation of legitimate sites rather than creating spam ones by hacking them using different methods. It is up to the web administrators to detect such changes as they can be made in a subtle and silent way. When a site with a lot of contents is hacked, it may take days or even weeks to notice the intrusion.
The injected snippet not only adds the redirect code to the infected site but also provides protection from malicious checks done by the search engines. The spam content is made invisible to the search engines to avoid it from showing up in searches.
This types of attacks can be mitigated by always running the latest stable versions of the WordPress CMS and its installed plugins and themes. Web administrators can also invest in a tool that monitors file integrity to alert for any unauthorised changes to all hosted content.
