Today, I encountered a malicious software on WordPress that inserted several i.php requests into the website header, with IDs starting with hello_newscript.
The client's website showed slow loading speeds. Viewing the source code revealed several unloadable js files, as shown in the image below:
Through source code analysis, it was found that the above code had been inserted. Fortunately, some of these virus websites had their servers shut down, and others had slow access speeds from within the country, so aside from the slow speed, the website was not otherwise affected. The exact method of infection for this virus could not be determined, as after deleting several inactive plugins, the virus disappeared. It is estimated that an inactive plugin was infected. This article is purely for documentation purposes, hoping you won't encounter it.
Comments are closed
The comment function for this article is closed. If you have any questions, please feel free to contact us through other channels.