Over 5,000 WordPress sites have been infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner.
The malicious script is being loaded from the “cloudflare.solutions” domain, which IS NOT affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field.
The script is loaded on both a site’s frontend and backend, meaning it can also log usernames and passwords when logging into a site’s admin panel.
On most infected WordPress sites, this will only affect user data entered in the comments field. For infected e-commerce sites, however, it could also lead to a breach of users' personal information as well as credit card information.
Sucuri experts offer the following advice for owners who spot the script.
How To Mitigate If Found
As we already mentioned, the malicious code resides in the function.php file of the WordPress theme. You should remove the add_js_scripts function and all the add_action clauses that mention add_js_scripts. Given the keylogger functionality of this malware, you should consider all WordPress passwords compromised so the next mandatory step of the cleanup is changing the passwords (actually it is highly recommended after any site hack). Don’t forget to check your site for other infections too.
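To find the code described above before removing it, the following added example (not from Sucuri or the original post) scans every PHP file under a directory for the three indicators the article names: the add_js_scripts function, add_action calls that reference it, and the cloudflare.solutions domain. The sample theme files, the hook name in the sample, and the directory layout are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the article text; nothing else is assumed about the malware.
INDICATORS = {
    "add_js_scripts definition": re.compile(r"function\s+add_js_scripts\s*\("),
    "add_action hook": re.compile(r"add_action\s*\([^;]*add_js_scripts"),
    "cloudflare.solutions reference": re.compile(r"cloudflare\.solutions", re.I),
}

def scan_file(path):
    """Return (line_number, indicator_name) pairs for one PHP file."""
    hits = []
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits

def scan_tree(root):
    """Scan every .php file under root; return {relative_path: hits} for files with hits."""
    root = Path(root)
    report = {}
    for php in sorted(root.rglob("*.php")):
        hits = scan_file(php)
        if hits:
            report[str(php.relative_to(root))] = hits
    return report

# Constructed sample theme files (not the real malware), used only to exercise the scanner.
SAMPLE_INFECTED = """<?php
function add_js_scripts() {
    // constructed placeholder: script source on cloudflare.solutions
}
add_action('wp_enqueue_scripts', 'add_js_scripts');
"""
SAMPLE_CLEAN = "<?php\nadd_action('init', 'theme_setup');\n"

def demo():
    """Write one infected and one clean constructed theme to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for theme, body in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
            d = Path(tmp, "themes", theme)
            d.mkdir(parents=True)
            (d / "functions.php").write_text(body, encoding="utf-8")
        return scan_tree(tmp)
```

On a real site, call scan_tree on the wp-content directory and review each reported line by hand before deleting anything.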
For our clients at Higher Images, we are not utilizing the cloudflare.solutions CDN, and we are also running Wordfence, Sucuri and iThemes Security to protect against this type of hack. If you are a client and have any questions, please call us at the office.
Craig Hodgkins is the Chief Technology Officer at Higher Images, Inc. Craig is considered a true pioneer in this ever-changing digital technology field. He has been with the company since its inception in 2000, and is accountable for our successful technologies. He is accountable for everything from SEO, Reputation Management, Local Search, and SMLs, to application development, product development, and website development.
Outside of work, he enjoys writing, playing and producing music, especially the blues. Craig (MSgt Hodgkins) is also a proud combat veteran of the U.S. Marine Corps., where he served for 21 years working in Recon, Communications and Information Systems.