Demystifying the WP Live Chat Support WordPress Redirect Hack

The recent WordPress JavaScript Redirect hack took everyone by surprise. The XSS JS injection caused the WP Live Chat Support plugin option to be injected with the following malicious code:

This in turn translates into:

The injected script further executes a script from an external domain:

The end result is a malicious redirect to random sites advertising you to download software.

WP Live Chat Support plugin as of yesterday had over 60,000+ active installs as per the WordPress plugin repository and was disabled for newer installs.

As a result of this WordPress hack Google flagged many sites as malicious and also disabled Google Ads campaigns of many publishers.

The solution is not just to disable the rogue plugin but also to clean up the WordPress database infection. If you need assistance, you can consider our WP Malware Removal Service.

Fix WordPress Redirect Malware Now! Permanent Removal. Full Cleanup with report.