We have discovered a case of malware (redirect code) being written to the WPCode – Insert Headers and Footers plugin in WordPress.
WPCode – Insert Headers and Footers Malware using the insert-headers-and-footers plugin to redirect sites to unauthorized pages
This malware installs the WPCode – Insert Headers and Footers plugin on its own, or by writing malicious PHP code to the already installed plugin, it redirects the site to another sweepstakes site or robot-authenticated redirects the site to another sweepstakes site or robot-authenticated site. In many cases, the redirection is to web-hosts.io.
In addition to the malicious redirects, the malware is clever in the following ways
The malicious PHP code added to the plugin includes code that hides the plugin’s administration screen and menu itself.
→Malformed codes are often present in the VALUE of wpcode_snippets in the wp_option table
→Because of this, the plugin’s administration screen is invisible
Users who have once logged in as administrator are not redirected.
→This makes it impossible to reproduce the redirect and delays investigation and exposure
WPCode Plugin Malware Detection and Removal
If you are experiencing symptoms of redirects on your WordPress site, you should also suspect this type of infection.
If the WPCode – Insert Headers and Footers plugin is in your plugins list or in the wp-content/plugins/insert-headers-and-footers folder, and you do not remember putting it there, you can stop and remove it. If you find the plugin in the plugin list screen or in the wp-content/plugins/insert-headers-and-footers folder and do not remember putting it in, you can stop it from executing malicious code.
Also, the fact that the hacker was able to introduce this malware means that he was able to log in to the admin panel.
We will investigate and exterminate rogue users of WordPress and search and exterminate other malware.
[Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
After that, basic security measures should also be taken to prevent re-infection.