Hackers are targeting WordPress sites by injecting JavaScript backdoors to maintain persistent access. A recent report found over 1,000 infected websites, where malicious code delivers four different backdoors.
These backdoors give attackers multiple ways to regain control, even if website owners remove one method. The compromised sites load harmful scripts from an external domain, affecting hundreds of unsuspecting users.
What Is a JavaScript Backdoor?
A JavaScript backdoor is a hidden piece of malicious code that allows attackers to gain unauthorized access to a compromised system or website. Hackers embed this code in web pages, plugins, or third-party scripts, enabling them to bypass authentication, execute remote commands, or steal sensitive data. Unlike traditional malware, a JavaScript backdoor operates within the browser, making it harder to detect. Cybercriminals use this technique to inject harmful payloads, manipulate site content, or create persistent access points.
How the Backdoors Work
Each backdoor serves a unique purpose:
- Fake Plugin – A malicious plugin called “Ultra SEO Processor” executes attacker commands.
- wp-config Injection – Hackers modify the site’s configuration file to embed harmful JavaScript.
- SSH Access – Attackers add an unauthorized SSH key, enabling remote control.
- Command Execution – The malware fetches additional payloads to open a reverse shell.
By using multiple backdoors, cybercriminals ensure continued control over infected websites.
A Growing Cyber Threat from Hackers
This attack is not isolated. Another campaign compromised over 35,000 websites, redirecting visitors to gambling sites with malicious JavaScript. These redirections mainly affect regions where people commonly speak Mandarin.
In another case, a cybercriminal group injected scripts into Magento sites to collect user fingerprints. Hackers use this stolen data to bypass security measures and commit fraud.
How to Protect Your Website
Website owners must take immediate action to prevent infections. Delete unauthorized SSH keys, update admin credentials, and monitor system logs for suspicious activity. Regularly updating WordPress and plugins helps close security gaps. Strong security practices can stop hackers from taking control of your site.
Sleep well, we got you covered.
