WordPress Hack Modifies Core Files to Share Spam
Recent WordPress Core Files Being Hacked
Wednesday, the security company Sucuri posted this blog post in which they detailed their investigation regarding a WordPress website whose core files were hacked. The purpose of the hack was to spam and redirect users to malicious domains that were offering “Windows Keys”
Noting that the attack used a code injection designed to avoid detection by search engines that might otherwise blacklist the site or warn users of a potential hack.
Sucuri Notes this issue directly:
Our first step was to find what caused this redirect. After careful analysis, we detected that one of the WordPress core files had been changed and malicious content injected at the top of the wp-includes/template-loader.php file
Make sure to take a look at your own files from time to time. Double check your own template-loader.php and make sure it is consistent with teh core repository.