Hacking the text editor in WordPress

Hacking the text editor in WordPress
datum-geschreven 16 Sep 2023

Hackers, click away. We’re not going to teach you how to hack WordPress!!

Now that the hackers are gone, let’s continue with this article.

The text editor hack

A common hack, you see nothing on the page and nothing in your editor.
Until you click on the Text editor tab! Suddenly, there’s ugly code.

Don’t be mistaken, this code is carefully chosen and does more to your website than you want to know.

  1. That piece of ugly text/code can make visitors see an iFrame.
    That’s an entirely different website that appears on top of your website.
  2. That piece of ugly code can redirect visitors to another website.
    For example, the hacker’s webshop.
  3. That piece of ugly code generates descriptions in Google.
    Think “Buy ….. at www…..nl”
  4. That piece of ugly code can turn any word into a link.
    Links to a criminal’s webshop.
  5. And much more!

With JavaScript on your website or on various pages, almost anything is possible!

You don’t want that code in your pages. Especially not secretly, as you may only notice it months later.

How can you find out if you have that ugly code in your website?

Simply check the text editor. (Or database table: wp_post)

How can you prevent that ugly code from getting into your website?

Unfortunately, that code is very easy to inject through a database query. Through an XSS, a vulnerability in a plugin, and 30 other ways.


  1. Regularly update your website
  2. Don’t use too many plugins
  3. Use strong passwords
  4. Install an Antivirus plugin for WordPress that prevents injections, hacks, and hackers (Configure it properly!!)
  5. Keep only the theme you’re using on the server
  6. And lastly, but the first thing you should do now: back up your website!

If you’re having trouble, hire us. It will save you a lot of headache and time, and you’ll know that your website is in professional hands.

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties