
Attackers inject code into WordPress header file to redirect random users

Researchers are warning WordPress website administrators of a new malware attack, whereby adversaries inject code into the header.php file of a site's current WordPress theme, in order to redirect random visitors to malicious domains. According to a blog post from Sucuri, infections typically arise from exploited vulnerabilities or unauthorized access to the WordPress admin interface.

Sucuri said that 15 percent of randomly selected visitors to these infected sites do not reach their intended destination; rather, they are sent through malicious redirect chains that include the domains default7.com, test246.com, test0.com, distinctfestive.com and ableoccasion.com.

Internet Explorer browser users, for example, are redirected to websites that offer fraudulent Flash and Java updates, which are actually malware programs.

Sucuri found that attackers can similarly inject this malware code into a Joomla website's .php file. Disabling the user's ability to edit a WordPress or Joomla site's .php files can prevent such an attack.
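For administrators who want to check their own site, the following added example (not code from Sucuri or the article) scans each theme's header.php for the redirect domains listed above and checks whether file editing is disabled. It assumes the standard WordPress layout `wp-content/themes/<theme>/header.php` and uses WordPress's `DISALLOW_FILE_EDIT` constant in wp-config.php, which the article does not name, as one way of disabling file editing; the sample site is constructed.

```python
import re
import tempfile
from pathlib import Path

# Redirect-chain domains named in the article.
DOMAINS = ("default7.com", "test246.com", "test0.com",
           "distinctfestive.com", "ableoccasion.com")
# Match a listed domain or any subdomain of it, but not e.g. "mytest0.com".
DOMAIN_RE = re.compile(
    r"(?<![\w.-])(?:[\w-]+\.)*(" + "|".join(map(re.escape, DOMAINS)) + r")(?![\w-])",
    re.IGNORECASE)
# Assumption: the WordPress constant that turns off the admin file editor.
EDIT_OFF_RE = re.compile(
    r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.IGNORECASE)

def scan_headers(wp_root):
    """Map each theme whose header.php names a listed domain to those domains."""
    hits = {}
    for header in sorted(Path(wp_root).glob("wp-content/themes/*/header.php")):
        text = header.read_text(encoding="utf-8", errors="replace")
        found = sorted({m.group(1).lower() for m in DOMAIN_RE.finditer(text)})
        if found:
            hits[header.parent.name] = found
    return hits

def file_edit_disabled(wp_root):
    """True if an uncommented define() in wp-config.php disables file editing."""
    config = Path(wp_root) / "wp-config.php"
    if not config.is_file():
        return False
    lines = config.read_text(encoding="utf-8", errors="replace").splitlines()
    return any(EDIT_OFF_RE.search(line) for line in lines
               if not line.lstrip().startswith(("//", "#", "*", "/*")))

def build_sample_site(root):
    """Constructed sample tree: one clean theme, one with a planted reference."""
    themes = Path(root) / "wp-content" / "themes"
    pages = {"clean": "<?php wp_head(); // see mytest0.com ?>\n",
             "bad": "<script src='//cdn.Default7.com/x.js'></script>\n"}
    for name, body in pages.items():
        (themes / name).mkdir(parents=True)
        (themes / name / "header.php").write_text(body)
    (Path(root) / "wp-config.php").write_text("// define('DISALLOW_FILE_EDIT', true);\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        print(scan_headers(tmp))        # themes whose header.php needs review
        print(file_edit_disabled(tmp))  # whether the admin editor is disabled
```

This is a literal string match, so it only finds injected code that names the domains in plain text; comparing header.php against a known-good copy of the theme covers the rest.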

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
