This article describes this type of tampering, as there have been an increasing number of cases in which WordPress has been hacked and a large number of malicious files have been hosted in random one-byte alphanumeric folders without permission.


Characteristics of Malware

In this type of tampering, hackers create a folder of random strings on the WordPress server via a backdoor embedded in the server without permission, and install a large number of HTML files in it, as shown below.

The file names are often in the form of word-word-word.php.

Content of the code
The HTML code is a large amount of context-free, sentence after sentence of HTML code.

The footer of this HTML file often also contains a large number of links to other incorrect HTML files on other sites or on your own site.

Malware Activity

The reason this malware generates a large number of such files and embeds them on the server is to get these files onto search engines such as Google and misdirect users to other malicious sites, or to obtain links in order to improve search rankings.

For this reason, this type of malware is called an SEO hack.

By stealing the reputation of a site that the search engines have already determined to be safe, the malware can increase the search engine rating or misdirect users to other fraudulent sites with the goal of increasing the SEO rating of the original site and lowering its search engine rankings, or even causing a large number of irrelevant pages to appear in the search results for your site. In addition, a large number of irrelevant pages may appear in the search results of your site.

How to deal with malware

Since it is often safe to delete the entire folder of random strings as is, you can prevent the reproduction of malicious HTML files by deleting the entire folder and making that folder or a higher level folder write-permission (permissions) un-writable.
(We recommend that you make a backup of your site before proceeding.)

We also recommend the use of malware scanning plug-ins to find and remove backdoors and vulnerabilities that may have been the source of this defacement.

Free WordPress:Malware Scanning & Security Plug-in [Malware and Virus Detection and Removal].