• Hello,

    Today, my blog started to redirect to spammy websites.

    As I did not know where the hack came from, I asked OVH to restore my FTP files thanks to a back-up. And I did the same for the database.

    But the issue was still here with clean files.

    I was not able to access my WP-Admin because of the redirect, so I tried to deactivate JavaScript via Chrome. And the issue was gone.

    Then, I deactivated all my plugins thanks to my FTP, and I reactivated them to see where the issue was.

    And the issue is… CLASSIC EDITOR!

    Apparently, the hack used a breach in Classic Editor and a JavaScript redirect.

    So, be careful!

Viewing 1 replies (of 1 total)
  • Plugin Author Andrew Ozz

    (@azaozz)

    Hi @mathieuflex, couple of things:
    – The Classic Editor plugin is secure and there aren’t any known issues with it. What you’ve experienced is most likely a breach of your web hosting account where the attacker gained access to the WordPress files. In these cases it is a common occurrence to “hide” a payload somewhere in a plugin or theme file. I suspect Classic Editor was used as it is a commonly installed plugin. If you still have your old “hacked” plugin files (there are only 2 files in the plugin), please compare them with a freshly downloaded copy.
    – If you have any information about a security breach, please email [email protected]. Never disclose it or discuss it publicly. I’m sure you don’t want to get other people’s sites hacked.

  • The topic ‘Hack via Classic Editor’ is closed to new replies.
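
The file comparison suggested in the plugin author's reply above, as an added example that is not part of the original thread or the plugin's own code: it hashes a freshly downloaded copy and the suspect copy of a plugin directory, then lists modified, added and missing files and the lines that exist only in the suspect copy. The directory layout, file names and the injected line are constructed for the demonstration.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_trees(clean, suspect):
    """Return files modified, added or missing in suspect relative to clean."""
    a, b = hash_tree(clean), hash_tree(suspect)
    return {
        "modified": sorted(f for f in a.keys() & b.keys() if a[f] != b[f]),
        "added": sorted(b.keys() - a.keys()),
        "missing": sorted(a.keys() - b.keys()),
    }


def changed_lines(clean, suspect, rel):
    """Lines present only in the suspect copy of one modified file."""
    old = (Path(clean) / rel).read_text(errors="replace").splitlines()
    new = (Path(suspect) / rel).read_text(errors="replace").splitlines()
    return [l[2:] for l in difflib.ndiff(old, new) if l.startswith("+ ")]


def demo():
    """Build two constructed plugin trees (placeholder file names) and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp, "clean"), Path(tmp, "suspect")
        for d in (clean, suspect):
            d.mkdir()
            (d / "plugin-main.php").write_text("<?php\n// plugin code\n")
            (d / "readme.txt").write_text("Sample plugin\n")
        # Constructed tampering: one appended line and one extra file.
        with (suspect / "plugin-main.php").open("a") as fh:
            fh.write("// CONSTRUCTED-INJECTED-LINE\n")
        (suspect / "extra.php").write_text("<?php // constructed\n")
        report = compare_trees(clean, suspect)
        return report, changed_lines(clean, suspect, report["modified"][0])


if __name__ == "__main__":
    print(demo())
```

On a real site, point `compare_trees` at the unpacked fresh download and at the plugin directory copied off the server; files under "added" deserve the same attention as modified ones.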