Which Sites Are Infected?
The recent exploit is not the only malware threat on infected sites. In the majority of cases, the infected sites had several security vulnerabilities, which resulted in a number of other infections. Only in a minority of sites was the infection confined to the theme’s header.php file.
How to Detect the Malware
The malware code is not without flaws: it often tests for parameters that do not exist, which results in a PHP error. Since some servers have PHP notices turned off, the error is not always displayed, but a Google search for “Notice: Undefined index: 6FoNxbvo73BHOjhxokW3” may reveal the malware code on your server.
Sucuri shared that some Google search results could reveal errors in the theme footer file. That is because the malware previously infected footer.php files and placed a similar redirect code at the top of those files. The attack moved to header.php files and re-infected sites that had the malware code in their footer.php file. Even though the malware has been updated, the redirects send visitors to the exact same pages.
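The same check can be run locally instead of through Google. The script below is an added example, not code from the original article or from Sucuri: it looks for the parameter name from the notice in every theme's header.php and footer.php, and for the notice itself in PHP error-log lines. The sample site, the log lines and the $_GET stand-in are constructed for the demo; the standard wp-content/themes layout is assumed.

```python
import re
import tempfile
from pathlib import Path

# Parameter name taken from the PHP notice quoted in the article.
MARKER = "6FoNxbvo73BHOjhxokW3"
# Matches both on-page notices and "PHP Notice:  ..." error-log entries.
NOTICE_RE = re.compile(r"Notice:\s+Undefined index:\s+" + MARKER + r"\s+in\s+(\S+)")

# Constructed log lines (paths and timestamps are made up for the demo).
SAMPLE_LOG = [
    "[01-Jan-2020 10:00:00 UTC] PHP Notice:  Undefined index: " + MARKER
    + " in /var/www/html/wp-content/themes/infected/header.php on line 1",
    "[01-Jan-2020 10:00:05 UTC] PHP Notice:  Undefined index: page"
    " in /var/www/html/wp-content/themes/clean/functions.php on line 40",
]


def scan_themes(wp_root):
    """Return theme header.php/footer.php files (relative paths) containing MARKER."""
    root = Path(wp_root)
    hits = []
    for name in ("header.php", "footer.php"):
        for path in (root / "wp-content" / "themes").glob("*/" + name):
            if MARKER in path.read_text(encoding="utf-8", errors="replace"):
                hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def scan_log(lines):
    """Return the set of PHP files that raised the tell-tale notice."""
    return {m.group(1) for m in map(NOTICE_RE.search, lines) if m}


def build_sample_site(root):
    """Create a constructed two-theme tree; the 'infected' file is a harmless stand-in."""
    themes = Path(root) / "wp-content" / "themes"
    for theme, body in (
        ("clean", "<?php wp_head(); ?>"),
        ("infected", "<?php /* stand-in */ $x = $_GET['" + MARKER + "']; ?>"),
    ):
        (themes / theme).mkdir(parents=True)
        (themes / theme / "header.php").write_text(body, encoding="utf-8")
        (themes / theme / "footer.php").write_text("<?php wp_footer(); ?>", encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        print("theme files with marker:", scan_themes(tmp))
    print("files named in log notices:", sorted(scan_log(SAMPLE_LOG)))
```

A clean result covers only this one marker; as noted above, most infected sites carried other infections as well.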
How to Remove Malware
Removing malware is a multi-step process, and you may want to consult a WordPress expert about it. If you’re not that experienced in security yourself, odds are you’ll only make things worse. Businesses specializing in WordPress, such as our very own Semper Fi Web Design team, can address all your security concerns.
But for now, let’s take a look at what you can do in general to protect your site from such attacks.