Alert: New way hackers using to hack Wordpress

Hackers New method of hacking WordPress!

Hackers these days are using new way to hack word press sites to gain control of the admin panel and your database. For beginners it is really hard to identify the threat.

We are now sharing the knowledge with you so you can protect your sites. This attack was used almost on all word press sites of my customers. Remember I am using plugin All in One Seo Pack to keep basic SEO settings for my customers simple. The hacker used name of the plugin to fool me.

The attack starts with a fake email from WordPress organisation. It have attached the screenshot below. I also have highlighted fake parts by which you can identify it is from a fake sender not WordOress.

When i downloaded it and scanned it then it was an obfuscated php. Nod Antivirus detect such scripts for you. Obfuscated php is hidden code of php. You can not see it or it looks different then php.

After this i even tried to open the obfuscated file but codes were well hidden so i tried the plugin to see what it will try to do but i tried it offline on Wampserver. Never ever attempt such things online.

I Aadded it to plugins then it gave me almost exact look of original plugin. It was also showing a fake update link within the plugins page. I will assume that they used original plugin and injected their code.

When i activated it this plugin tried to add some code lines in different parts of my wordpress. As i was on offline server with some permissions and extensions activated in wamp to stop any changes made by it, so nothing happened. But this plugin did tried to inject plenty of codes on my WordPress.

Below is the image of how plugin looked there and fatal errors of the script which could have been successful attack on live server.

I shared this to alert you about this new attack and save your precious websites. Also share it with others so they can protect there sites. Never used nulled scripts as they can give hackers access to your sites.

If you have any questions feel free to ask me in the comments below.




Android,2,Blogger,2,Cellular,1,com,1,domain,1,Earn Online,2,Gadgets,3,Gaming,2,Google,4,Google Maps,1,Health,2,Photoshop,3,Security,5,SEO,1,Softwares,9,Tech News,16,Ufone,1,Web Development,14,website,1,Windows,7,Wordpress,9,
Sufis Tech: Alert: New way hackers using to hack Wordpress
Alert: New way hackers using to hack Wordpress
Hackers are trying to hack you via email. We are alerting you and telling you the ways to secure your WordPress site
Sufis Tech
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content