Malicious Code Injected Into WordPress Themes Redirects Users to Other Websites

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer

Malicious code injected into WordPress themes has emerged as a significant cybersecurity threat, as attackers have exploited vulnerabilities within WordPress theme files. Recent investigations revealed malware embedded into the footer.php file of a WordPress theme. 

WordPress themes, being integral to a website's design and functionality, load on every page. This makes them an attractive target for attackers seeking widespread impact. 

This file typically handles tasks like displaying copyright information but was manipulated to include malicious scripts, the latest Sucuri report says.

The URL the victim site was redirected to
The URL the victim site was redirected to | Source: Sucuri

The attacker injected a block of code that executed a function called r2048(), which fetched a target URL from a remote server. The function used tools like cURL or PHP’s file_get_contents() to retrieve the URL. 

Once processed, the code redirected visitors to the attacker’s desired webpage. 

WordPress theme code injection
WordPress theme code injection | Source: Sucuri

This dynamic capability gave hackers control over where victims were redirected, tailoring their attacks to user devices or browsers. Such methods rely on hidden code within theme files, making detection challenging unless administrators thoroughly inspect their file directories. 

The consequences for affected sites extend beyond visitor annoyance, as these redirects can lead users to phishing sites, spam networks, or even locations harboring malware.

These incidents can serve as gateways for further exploitation, such as embedding spyware or stealing sensitive information. Inserting spammy links from dangerous portals into hijacked legitimate websites is a common approach, though.


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: