Wordpress Hack

Posted on: 2018-11-22

The site has been broken for a few days, because it was hacked. After some hunting around it looks like there was a vulnerability in GDPR compliance plugin.


The hack enabled the hackers to change the site address to point to

https colon slash slash mytemplatewebsite.com slash 0.js?

I've replaced slashes and colons, to make the above not a valid url so nothing follows it.

Which then went to show a load of malware and rubbish. If you tried to login to the site to fix this, it would redirect to a login page on this site. If you typed in your password, then then password would be picked up by the hackers.