{"id":21454,"date":"2023-09-16T11:14:06","date_gmt":"2023-09-16T09:14:06","guid":{"rendered":"https:\/\/wpbeveiligen.nl\/?p=21454"},"modified":"2023-07-13T11:16:06","modified_gmt":"2023-07-13T09:16:06","slug":"hacking-the-text-editor-in-wordpress","status":"publish","type":"post","link":"https:\/\/wpbeveiligen.nl\/en\/hacking-the-text-editor-in-wordpress\/","title":{"rendered":"Hacking the text editor in WordPress"},"content":{"rendered":"
Hackers, click away. We’re not going to teach you how to hack WordPress!!<\/em><\/p>\n Now that the hackers are gone, let’s continue with this article.<\/p>\n A common hack: you see nothing on the page and nothing in your editor. Make no mistake, this code is carefully chosen and does more to your website than you want to know.<\/p>\n With JavaScript on your website or on various pages, almost anything is possible!<\/p>\n You don’t want that code in your pages, especially not hidden, as you may only notice it months later.<\/p>\n Simply check the text editor. (Or the database table: wp_posts)<\/p>\n Unfortunately, that code is very easy to inject through a database query, through an XSS<\/a>, a vulnerability in a plugin<\/a>, and 30 other ways.<\/p>\n So,<\/strong><\/p>\nThe text editor hack<\/h2>\n
\nUntil you click on the Text editor tab! Suddenly, there’s ugly code.<\/p>\n\n
\nThat’s an entirely different website that appears on top of your website.<\/em><\/li>\n
\nFor example, the hacker’s webshop.<\/em><\/li>\n
\nThink “Buy ….. at www…..nl”<\/li>\n
\nLinks to a criminal’s webshop.<\/em><\/li>\nHow can you find out if you have that ugly code in your website?<\/h2>\n
How can you prevent that ugly code from getting into your website?<\/h2>\n
\n