{"id":21454,"date":"2023-09-16T11:14:06","date_gmt":"2023-09-16T09:14:06","guid":{"rendered":"https:\/\/wpbeveiligen.nl\/?p=21454"},"modified":"2023-07-13T11:16:06","modified_gmt":"2023-07-13T09:16:06","slug":"hacking-the-text-editor-in-wordpress","status":"publish","type":"post","link":"https:\/\/wpbeveiligen.nl\/en\/hacking-the-text-editor-in-wordpress\/","title":{"rendered":"Hacking the text editor in WordPress"},"content":{"rendered":"<p><em>Hackers, click away. We&#8217;re not going to teach you how to hack WordPress!!<\/em><\/p>\n<p>Now that the hackers are gone, let&#8217;s continue with this article.<\/p>\n<h2>The text editor hack<\/h2>\n<p>A common hack, you see nothing on the page and nothing in your editor.<br \/>\nUntil you click on the Text editor tab! Suddenly, there&#8217;s ugly code.<\/p>\n<p>Don&#8217;t be mistaken, this code is carefully chosen and does more to your website than you want to know.<\/p>\n<ol>\n<li>That piece of ugly text\/code can make visitors see an <a href=\"https:\/\/www.wpbeveiligen.nl\/de-onzichtbare-iframe-hack\/\">iFrame<\/a>.<br \/>\n<em>That&#8217;s an entirely different website that appears on top of your website.<\/em><\/li>\n<li>That piece of ugly code can redirect visitors to another website.<br \/>\n<em>For example, the hacker&#8217;s webshop.<\/em><\/li>\n<li>That piece of ugly code generates descriptions in Google.<br \/>\nThink &#8220;Buy &#8230;.. at www&#8230;..nl&#8221;<\/li>\n<li>That piece of ugly code can turn any word into a link.<br \/>\n<em>Links to a criminal&#8217;s webshop.<\/em><\/li>\n<li>And much more!<\/li>\n<\/ol>\n<p>With JavaScript on your website or on various pages, almost anything is possible!<\/p>\n<p>You don&#8217;t want that code in your pages. Especially not secretly, as you may only notice it months later.<\/p>\n<h2>How can you find out if you have that ugly code in your website?<\/h2>\n<p>Simply check the text editor. (Or database table: wp_post)<\/p>\n<h2>How can you prevent that ugly code from getting into your website?<\/h2>\n<p>Unfortunately, that code is very easy to inject through a database query. Through an <a href=\"https:\/\/www.wpbeveiligen.nl\/wat-is-xss-alles-over-cross-site-scripting\/\">XSS<\/a>, a vulnerability in a <a href=\"https:\/\/www.wpbeveiligen.nl\/onveilige-plugins-wordpress-zorgen-problemen\/\">plugin<\/a>, and 30 other ways.<\/p>\n<p><strong>So,<\/strong><\/p>\n<ol>\n<li>Regularly update your website<\/li>\n<li>Don&#8217;t use too many <a href=\"https:\/\/www.wpbeveiligen.nl\/wordpress-beveiliging-plugins\/\">plugins<\/a><\/li>\n<li>Use <a href=\"https:\/\/www.wpbeveiligen.nl\/veilig-wachtwoord-kiezen\/\">strong passwords<\/a><\/li>\n<li>Install an <a href=\"https:\/\/www.wpbeveiligen.nl\/plugins\/\">Antivirus plugin for WordPress<\/a> that prevents injections, hacks, and hackers (<em>Configure it properly!!<\/em>)<\/li>\n<li>Keep only the theme you&#8217;re using on the server<\/li>\n<li>And lastly, but the first thing you should do now: <a href=\"https:\/\/www.wpbeveiligen.nl\/backup-maken-wordpress-website\/\">back up<\/a> your website!<\/li>\n<\/ol>\n<p>If you&#8217;re having trouble, <a href=\"https:\/\/www.wpbeveiligen.nl\/contact\">hire us<\/a>. It will save you a lot of headache and time, and you&#8217;ll know that your website is in professional hands.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers, click away. We&#8217;re not going to teach you how to hack WordPress!! Now that the hackers are gone, let&#8217;s continue with this article. The text editor hack A common hack, you see nothing on the page and nothing in your editor. Until you click on the Text editor tab! Suddenly, there&#8217;s ugly code. Don&#8217;t [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":9657,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[186],"tags":[],"_links":{"self":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/posts\/21454"}],"collection":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/comments?post=21454"}],"version-history":[{"count":0,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/posts\/21454\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/media\/9657"}],"wp:attachment":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/media?parent=21454"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/categories?post=21454"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/tags?post=21454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}