A few days ago, we received a hack removal request for a WordPress website using both Malcare and WordFence; it kept getting hacked and injected with Japanese spam malware repeatedly. The site owner told us that he found two scripts injected into his WordPress site; the first one was located under the site's root directory with the name sw.js, while the other was sitting under wp-includes/js directory with the name font.js. The owner also mentioned that they suspect there is a backdoor which is used to keep infecting their site again and again. While auditing the site for malware, we immediately confirmed the site owner's findings; we … [Read more...] about The free.xjs.lol Spam Injection WordPress Malware Cleanup
Security
June WordPress Security Updates and News-Volume 1
The first half of June was a period of time with a great number of WordPress security incidents. Over 40 Plugin Vulnerabilities were detected affecting more than 7 million websites. This is indeed a number that can not be ignored. So let us take a closer look at some of those vulnerabilities. WordPress Plugin Vulnerabilities Jetpack. With over 5 million installations this Plugin was affected by a Carousel Non-Published Page/Post Attachment Comment Leak. A patch is released in the latest version and you can find out more here. MC4WP: Mailchimp for WordPress. This very popular WordPress Plugin was hit by two medium-risk … [Read more...] about June WordPress Security Updates and News-Volume 1
May WordPress Security Updates and News-Volume 2
Every month is full of interesting and useful WordPress News and Updates; the second half of May was yet again a period filled with news. WordPress News and Updates Happy 18th Birthday WordPress! On the 27th of May, WordPress celebrated its 18th Birthday! And what a magnificent milestone this has been... Since its last birthday, the 40th release has been rolled out and WordPress now is powering over 40% of the web. WordPress Plugin Vulnerabilities During the last half of May, there were 13 Plugin Vulnerabilities spotted. These include: WP Super Cache. This popular WordPress plugin was detected with an Authenticated … [Read more...] about May WordPress Security Updates and News-Volume 2
How to trace and clean the monit.php hack
UPDATED: 14th July 2020 Let's start this tutorial with a tip, if you want to know your site has been infected by the monit.php hack add your site URL before this snippet and browse it: /wp-admin/options-general.php?page=monit If you see a page opening with settings and text strings then you're most probably hacked, if not you're probably safe. In both cases I suggest to follow the cleanup guide for the ofgogoatan.com redirect hack. Monit.php flagged as malware A few days ago we have been contacted by a client who was looking to clean his site from malware. While working on his site he noticed that some random code was … [Read more...] about How to trace and clean the monit.php hack
The WordPress Popup Builder Vulnerability
Malicious JavaScript code can be injected into Popups Several security flaws have been uncovered in the Popup Builder plugin code. Currently, this plugin has more than 200,000 active installs. Many site owners are still unaware of the issue. This plugin is regularly updated and maintained by the authors. However, it took them 7 days to release the patched version of the plugin. Meanwhile, many sites were exploited by hackers and those using an outdated version of the plugin are still at risk. One of the vulnerabilities tracked as CVE-2020-10196, can be used to collect the list of subscribers. Apart from that, an attacker can gather … [Read more...] about The WordPress Popup Builder Vulnerability