You didn’t provide a link to look at and I highly doubt WC is to blame for such an attack. Could be another plugin or your theme or even someone on your shared hosting. Could be hundreds of things but I highly doubt it is WC.
Provide a URL. Has anyone run a grep scan on your server?
So I got an email from “netcraft takedown service” @netcraft.com.
Alerting me to a phishing scam ON my website.
I almost removed it as spam, but the fact that they bothered to write in my country's main languages suggested they were serious. I verified what they said, and indeed, in the b2b map I made, there was a file EWC.PHP
It loaded a fake bank page, in order to steal simpletons' information.
If you have a filemanager, one might want to search for this file, just to make sure.
The main issue is that it is unclear where it comes from. It might come back.
- This reply was modified 5 years, 7 months ago by pekkie85.
You have to hire a person that knows how to handle this stuff. Most hosting companies will not touch your files or run a scan for you.
First call your hosting company and discuss with them what’s going on. Your entire directory needs to be scanned for backdoors, plugins need to be updated to perfection. Do not change any passwords until you have remedied the issue in full.
If you know how to shell (SSH), you can grep a command to -R eval and/or eval. with a dot at the end, and this will scour your entire directory to find the issues.
You have to know how to do this though. If you don’t know, you need to find someone who knows and hire them.
It is worth investigating website access logs to find malicious/suspicious HTTP requests, as the infection could be injected via some vulnerable module installed on your site.
To prevent such infection in the future you need to set up a WAF that will block such attacks.
I found a security plugin which actually fights this vulnerability in ALL WP sites.
So, not just WooCommerce. It's called iThemes Security, and under “WordPress Tweaks” it has (all the way down) a setting: “Protect Against Tabnapping”
Alter target=”_blank” links to protect against tabnapping
Enabling this feature helps protect visitors to this site (including logged in users) from phishing attacks launched by a linked site. Details on tabnapping via target=”_blank” links can be found in this article.
https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
Then, it is also advised to scroll through its other settings; it's quite an impressive solution, and free. (I'm in no way affiliated), just impressed. It can do a range of things that, indeed, would make it a lot harder to hack a WP install.
There you go. I’m amazed that it will remove the hack and tighten up backdoors.
I would suggest using Wordfence as well.
They work well together in helping keep a site free of issues.
https://www.wordfence.com/help/scan
You can scan the front of the site with the above link and if you install the plugin and run a scan it will report files that seem incorrect. Generally, it does this by comparing them vs the files directly from the WP repo.
Sites I have come across that have been infected tend to have it in other places as well.
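
The recursive search for `eval` and for the reported `EWC.PHP` file suggested earlier in the thread, as an added example that is not any poster's own code. The function names and the pattern list are assumptions chosen for illustration, `wp-content/uploads` is the standard WordPress media directory, and the sample tree is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Patterns are illustrative assumptions,
# not a full signature set; every hit needs manual review.

PATTERN='(^|[^[:alnum:]_])eval[[:space:]]*\(|(base64_decode|gzinflate|str_rot13)[[:space:]]*\('

# PHP files (any extension case, so EWC.PHP is covered) that contain
# dynamic-execution or decoding calls.
scan_suspicious_php() {
    find "$1" -type f -iname '*.php' -exec grep -IlE "$PATTERN" {} + | sort
}

# PHP files inside wp-content/uploads, where only media should live.
scan_php_in_uploads() {
    find "$1" -type f -path '*/wp-content/uploads/*' -iname '*.php' | sort
}

# Case-insensitive search for a reported file name.
find_reported_file() {
    find "$1" -type f -iname "$2" | sort
}

# Build a small constructed site tree for a dry run; prints its path.
make_sample_tree() {
    local d; d="$(mktemp -d)"
    mkdir -p "$d/wp-content/plugins/ok" "$d/wp-content/uploads/2020" "$d/b2b"
    printf '<?php echo "hello";\n' > "$d/wp-content/plugins/ok/ok.php"
    # "retrieval(" must not be reported as a call to eval(
    printf '<?php $n = retrieval(1);\n' > "$d/wp-content/plugins/ok/lib.php"
    printf '<?php eval(base64_decode("ZWNobyAxOw=="));\n' > "$d/b2b/EWC.PHP"
    printf '<?php echo 1;\n' > "$d/wp-content/uploads/2020/img.php"
    printf '%s\n' "$d"
}

# Run with --demo to scan the constructed tree instead of a real web root.
if [ "${1:-}" = "--demo" ]; then
    tree="$(make_sample_tree)"
    echo "== suspicious calls =="; scan_suspicious_php "$tree"
    echo "== PHP in uploads ==";   scan_php_in_uploads "$tree"
    echo "== reported file ==";    find_reported_file "$tree" 'ewc.php'
    rm -rf "$tree"
fi
```

On a real site, call the functions with the web root as the first argument. Legitimate plugins also use these calls, so treat the output as a list of files to read, not a list of files to delete.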