URL injection is when a malicious individual attacks your website through the insertion of dangerous code that makes it appear as though your website gives credit to a detrimental site.
Over 74 million websites run on the WordPress platform today — and that number is growing constantly. Although this makes WordPress a popular and supported form of content management software and website maintenance, it also means that it can be a highly lucrative target for hackers.
Approximately 50% of the WordPress sites online today are self-hosted, meaning that the administrator for the website is responsible for the security and maintenance of that site. Though there are numerous methods available for improving security on WordPress, only a few companies complete these measures, meaning that they become open to attacks from various different angles.
Here, we’re going to look into the definition behind URL injections, how you can detect them, and what you can do to nurse your website back to health after it’s been affected.
What is An URL Injection?
Because websites like WordPress run on a database-backed platform that executes numerous PHP server-side-scripts, it can be vulnerable to a series of attacks — such as URL injection, or malicious link insertion. Commands in WordPress are sent through URL parameters, which hackers can easily warp and abuse — causing WordPress to act without authorization, or misinterpret its job. In simple terms, URL injections take place when an individual attempts to manipulate your online database through the commands sent by the URL.
Often, this form of hacking involves the creation of new pages throughout your website by hackers — often containing dangerous bits of code or spam links that can make your site a security risk to visitors. Often, the new pages that are created are packed full of code that re-directs your visitors to dangerous locations, or allows your webserver to participate in attacks that you may not even be aware of.
There are numerous ways in which an attacker can gain access to your site — from exploiting vulnerable or older versions of software, to utilizing insecure directories, or hacking a number of third-party plugins – something particularly common in WordPress. What that hacker does with your website when they gain access can leave you in serious trouble.
Detecting URL Injections on Your Website
In order to stop a hacker from doing further damage to your website, and the traffic that visits it — you will first need to confirm that you have been the victim of an URL injection attack. In most circumstances, link injection can be hard to detect, as many of the outgoing links used are masked by legitimate code, or encoded to make them practically invisible. Fortunately, there are a number of solutions available that could help you to track down dangerous code.
One initial option is to use Google to determine whether your website is harboring spam links in the first place. For instance, you can search for your domain alongside keywords for spam by entering a site query such as: “site: www.websitename.com casino.”
Other solutions include conducting a WordPress security scan, and searching for malicious code that appears at the top of your WordPress PHP files. For instance, if you see /**/eval(base_64 decode in any of your blog content, you may have already been compromised.
Often, people only begin to notice that there may be an issue of URL injection on their website when they recognize a drop in their page ranking. In some circumstances, experts recommend that you should not search for URL injection issues in your website by using a browser, as this can allow malware to spread. Instead, it may be beneficial to make use of webmaster tools such as “Fetch as Google” – a source that gives you the opportunity to see your website through the eyes of a machine — rather than as you would typically see it as a consumer.
How to Fix URL Injection Damage
In certain circumstances, you may find that you need to completely reinstall your entire site database if you want to remove every hidden link. Although some less talented hackers may use the same injection code throughout — making cleaning easy with the use of the find/replace tool — this will not always be the case.
It’s worth noting that removing the malicious pages from your website will not remove any vulnerabilities that originally gave the hacker access to your website. Even if you manage to remove every illegitimate link from your website, you should also be taking steps to reduce your chances of damage in the future. For some people, this may mean simply updating WordPress software, whereas others may need to update security throughout every aspect of their website — from changing admin usernames and passwords, to checking file permissions, contacting web hosts, and so on.
Get in touch today to find out how RelationEdge Digital Agency can help you.