The invisible iFrame hack

The invisible iFrame hack
datum-geschreven 19 Dec 2023

The “Invisible iFrame Hack” is one of the most effective hacks known.

Why is the iFrame hack so effective?

The iFrame spans across the entire browser width and height. So, wherever a visitor clicks, they will be redirected to the hacker’s advertising campaign.

But wait, there’s more…

The iFrame is controlled with a cookie and is displayed only once. Scanners, including you or security personnel, will see the site only once, creating the illusion that the problem was temporary or has been resolved.

Most people will simply think they might have clicked incorrectly and will hopefully return to your website.

The impact of the hack

Some visitors, maybe 1 out of 1000, might mistakenly believe they are in the right place and end up purchasing a service or product from the website where they weren’t supposed to be. This is exactly what the hacker, the creator of the script, aims for.

A small piece of code in a JS file

A JavaScript file (JS file) is supplemented with a piece of code that places an iFrame over your entire website. Despite your efforts, you might not find it easily as it’s just a small piece of code added to an existing file that belongs to the site.

When decoded by Sucuri, it looks like this:

click code

An effective method to remove the hack

You could search through your JS files, but the best approach is to replace all JS files with new clean ones that you download from the official WordPress website or your theme provider.

Preventing an iFrame hack

Of course, you don’t want the hack to reappear in your WordPress website a week later. To prevent this, update all your plugins, theme, and WordPress to their latest versions.

Additionally, use a reliable WordPress security plugin to enhance your website’s protection.

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties