This article describes this type of tampering, as there have been an increasing number of cases in which WordPress has been hacked and a large number of malicious files have been hosted in random one-byte alphanumeric folders without permission.


Characteristics of Malware

In this type of tampering, hackers create a folder of random strings on the WordPress server via a backdoor embedded in the server without permission, and install a large number of HTML files in it, as shown below.

The file names are often in the form of word-word-word.php.

Content of the code
The HTML code is a large amount of context-free, sentence after sentence of HTML code.

The footer of this HTML file often also contains a large number of links to other incorrect HTML files on other sites or on your own site.

Malware Activity

The reason this malware generates a large number of such files and embeds them on the server is to get these files onto search engines such as Google and misdirect users to other malicious sites, or to obtain links in order to improve search rankings.

For this reason, this type of malware is called an SEO hack.

By stealing the reputation of a site that the search engines have already determined to be safe, the malware can increase the search engine rating or misdirect users to other fraudulent sites with the goal of increasing the SEO rating of the original site and lowering its search engine rankings, or even causing a large number of irrelevant pages to appear in the search results for your site. In addition, a large number of irrelevant pages may appear in the search results of your site.

How to deal with malware

Since it is often safe to delete the entire folder of random strings as is, you can prevent the reproduction of malicious HTML files by deleting the entire folder and making that folder or a higher level folder write-permission (permissions) un-writable.
(We recommend that you make a backup of your site before proceeding.)

We also recommend the use of malware scanning plug-ins to find and remove backdoors and vulnerabilities that may have been the source of this defacement.

Free WordPress:Malware Scanning & Security Plug-in [Malware and Virus Detection and Removal].

Related Posts:

  1. What is a WordPress injection attack?
    There are various methods by which WordPress can be hacked, the most common of which is called an injection attack. This section describes these injection attacks....
  2. WordPress, dealing with spam indexing, where pages you don’t remember creating get caught in search results.
    We will explain how to deal with spam indexing, a common symptom of recent WordPress tampering, in which pages that you do not remember creating are caught in the search results....
  3. What is Japanese SEO Spam, a type of WordPress malware?
    We will explain about Japanese SEO Spam, which is a malware that embeds fake Japanese product sites in WordPress....
  4. Example of backdoor to plant malware code in $_HEADERS in WordPress
    We will explain about the type of backdoor that puts the main body of malware code in $_HEADERS, which has been increasingly detected in recent years....
  5. WordPress site defacement hacking for SEO purposes. what is SEO spam?
    The most common type of WordPress tampering these days is the hacking of WordPress sites for SEO purposes. We will explain this SEO spam....
  6. 10 Symptoms of WordPress hacked (tampered malware infection)
    This section describes 10 common symptoms of WordPress being hacked (tampering malware infection)....