The “Invisible iFrame Hack” is one of the most effective hacks known.
Why is the iFrame hack so effective?
The iFrame spans across the entire browser width and height. So, wherever a visitor clicks, they will be redirected to the hacker’s advertising campaign.
But wait, there’s more…
The iFrame is controlled with a cookie and is displayed only once. Anyone checking the site, whether a scanner, you, or security personnel, will see it only once, creating the illusion that the problem was temporary or has been resolved.
Most people will simply think they might have clicked incorrectly and will hopefully return to your website.
The impact of the hack
Some visitors, maybe 1 out of 1000, might mistakenly believe they are in the right place and end up purchasing a service or product from a website they never meant to visit. This is exactly what the hacker, the creator of the script, aims for.
A small piece of code in a JS file
A JavaScript file (JS file) is supplemented with a piece of code that places an iFrame over your entire website. Despite your efforts, you might not find it easily as it’s just a small piece of code added to an existing file that belongs to the site.
When decoded by Sucuri, it looks like this:
An effective method to remove the hack
You could search through your JS files, but the best approach is to replace all JS files with new clean ones that you download from the official WordPress website or your theme provider.
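To see which files were tampered with before overwriting them, the live JS files can be compared against the clean download. The script below is an added example, not code from the original post; the two directory arguments, the file names in `demo()` and the "appended" heuristic are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def js_hashes(root):
    """Map each .js file (path relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*.js")) if p.is_file()}


def compare_js(site_root, clean_root):
    """Return live JS files that differ from, or are absent in, the clean copy."""
    site, clean = js_hashes(site_root), js_hashes(clean_root)
    report = {"appended": [], "changed": [], "unknown": []}
    for rel, digest in site.items():
        if rel not in clean:
            report["unknown"].append(rel)  # not shipped in the clean package
        elif digest != clean[rel]:
            live = (Path(site_root) / rel).read_bytes()
            ref = (Path(clean_root) / rel).read_bytes()
            # Heuristic (assumption): original content intact, extra bytes after it
            kind = "appended" if live.startswith(ref.rstrip()) else "changed"
            report[kind].append(rel)
    return report


def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        files = {"theme/js/menu.js": "var menu = 1;\n",
                 "theme/js/slider.js": "var slider = 2;\n"}
        for base in (clean, site):
            for rel, body in files.items():
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_text(body)
        # Constructed stand-in for the injected snippet (inert comment only)
        with open(site / "theme/js/slider.js", "a") as fh:
            fh.write("/* constructed stand-in for injected code */\n")
        (site / "theme/js/extra.js").write_text("/* not in clean copy */\n")
        return compare_js(site, clean)


if __name__ == "__main__":
    print(demo())
```

Files listed under `unknown` are not necessarily malicious (plugins and custom code add their own scripts), but each one should be accounted for before the site is considered clean.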
Preventing an iFrame hack
Of course, you don’t want the hack to reappear in your WordPress website a week later. To prevent this, update all your plugins, theme, and WordPress to their latest versions.
Additionally, use a reliable WordPress security plugin to enhance your website’s protection.