This section describes phishing that displays a fake Google login screen on a WordPress site.
Displays login screens for various services and steals users’ login IDs and passwords
Hacking and stealing login information by altering WordPress and sending the user to a different site (redirect), displaying a fake login screen for a fake company, and then stealing the user’s login information when the user mistakenly enters the wrong information is called This is called phishing.
Various phishing sites have been identified, but phishing is most often performed on the most popular services.
Google login screens and widgets
Microsoft login screens and widgets
Paypal login screens and widgets
Various foreign banks’ login screens (we have not confirmed any phishing sites for Japanese banks’ login screens at present)
Your website displays a login screen that you do not remember creating.
If your website displays a login screen for a well-known service that you do not remember creating, it is possible that your site has been tampered with.
If a visitor to your site enters his or her login information on this fake login screen, the ID and password could be sent to hackers and the user could be seriously harmed.
Embedding such a fake login screen is easy for hackers because they can simply copy the HTML code or image and make it look exactly the same as the legitimate screen.
To tell if a site is a phishing site, it is important to look at the URL of the site you are currently accessing or to basically not trust the login widget if it appears on another site that you do not trust, such as Google.
Detecting Phishing Malicious Code
If your site embeds a fake login screen or sends users to an unauthorized site that hosts a fake login screen, there may be malicious code embedded in your company’s site.
This code can be cleverly hidden deep down or obfuscated to make the code difficult to read, making it very hard to find. index.php (in the top WordPress directory or in the theme).
Example of obfuscated code
*See also the following for files most likely to be tampered with
10 files in which malformed JAVASCRIPT code is embedded when WordPress is tampered with
This kind of unauthorized tampering can be detected and removed by security plug-ins.
If detection and disinfection is difficult, we also recommend that you contact a technician with expertise in the field.