Malicious redirects are very common in compromised websites. Attackers DO TAKE ADVANTAGE of the site resources to promote spam, distribute other malware, backdoors, and perform all kinds of malicious activities.
Sucuri, during an Incident Response investigation, found that malicious redirects were coming from a JavaScript loading via the website enmask.com, which is part of a WordPress plugin called “Enmask Captcha”.
“This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.“
Their domain appears to have expired and somebody else purchased it and now anyone using this plugin would experience redirects on their website since the new owner of the domain is deliberately hijacking users.
If you use this plugin, we advise to immediately remove and/or replace it with another one which is still supported and could provide you similar functionalities.
Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
