Once again about malware | WordPress.org

Resolved iframe
(@iframe)

1 year, 10 months ago

Hi.

I was cleaning an infected site, there’s a bunch of comments filled with

"onmouseover=\"eval(atob(\'" long string

I wonder isn’t WordPress supposed to sanitize the comment input form?

Thank you.

Viewing 3 replies - 1 through 3 (of 3 total)

Moderator threadi
(@threadi)

1 year, 10 months ago

With KSES, WordPress offers a function to clean up the HTML code in the frontend, i.e. only permitted HTML elements and attributes are displayed there. However, this is only used if the theme used and plugins that output in the frontend also use KSES. Improper programming of themes and plugins can lead to problems at this point. With a hacked website, you can also never be sure how KSES is affected. Anything can happen through such a hack, which is difficult to grasp and limit.

My recommendation would therefore always be not to try a cleanup first but to use a clean backup directly. The project should then be secured.

See also:
https://wordpress.org/documentation/article/faq-my-site-was-hacked/
https://developer.wordpress.org/advanced-administration/security/hardening/

Thread Starter iframe
(@iframe)

1 year, 10 months ago

oh, I see.

The theme is question doesn’t have wp_kses() function.

Thank you!

Moderator threadi
(@threadi)

1 year, 10 months ago

There are various wp_kses functions, e.g.wp_kses_post(). If this clarifies the question for you, you are welcome to set the topic to solved.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Once again about malware’ is closed to new replies.

In: Fixing WordPress
3 replies
2 participants
Last reply from: threadi
Last activity: 1 year, 10 months ago
Status: resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics