WordPress Security: Even Your Site Is Interesting for Hackers

Tobias Schüring Updated on 23.01.2020
5 Min.
Hacker attacks on WordPress: your site is also interesting for hackers

28.4 percent of the largest websites in the world run on WordPress. This wide distribution makes WP sites a popular target for hackers. Operators of smaller sites in particular often think they are safe, because who would hack a blog with low reach or without sensitive data? Today I will show you why this is a dangerous fallacy when it comes to WordPress security.

WordPress is particularly interesting for attackers because so many sites use it. Many forms of attack do not depend on the "quality" of the hacked targets, but simply on being able to infiltrate as many sites as possible automatically. What it can look like when a vulnerability is systematically exploited is shown by the example of the security vulnerability in WordPress 4.7.1. Countless sites were defaced at that time on the start page with the note "hacked by".

The security company Sucuri had found the weakness and passed it on to WordPress. And although the issue was addressed in WordPress 4.7.2, millions of sites were hacked in so-called defacement attacks after the exploit was made public.

The example shows that really every WordPress site is interesting to attackers. In most cases, the attacks are carried out completely automatically. Today I'm going to show you what such an attack may look like, what the hackers are after and what consequences it can have for you and your sites once your site has been successfully hacked.

Hackers want to hijack your WordPress sites

As I said: most of the time it is not at all about how big the site is or what is available there. A lot of websites that have not plugged certain security holes are simply attacked automatically. Once infected, the site can be misused, for example, to send spam or even distribute malware to its visitors.

In this way, hackers create a network of malware suppliers or a botnet that they can later abuse for DDoS or brute force attacks. The individual site is therefore often only interesting as part of a larger whole. And the more sites an attacker hijacks or infects, the more valuable his malware machine becomes.

Number of attacks on WordPress is increasing

The number of attacks on websites is currently tending to increase. According to Google, 32 percent more sites were hacked in 2016 than in 2015. One of the most common types of attack was the so-called brute force attack. Here, the attacker tries to find the correct combination of login and password by simple guessing. Or the attackers may already have lists of passwords that they try out.

This is also underlined by the figures of the security provider Wordfence. For months now, the US company has recorded a steady increase in these attacks on WordPress.

Hacker attacks on WordPress: brute force and complex attacks on WordPress sites from December 2016 to January 2017.
In contrast to the complex attacks, the number of brute force attacks is constantly increasing. This is because the latter are not dependent on the existence of specific security gaps.

Reach is the capital of hackers

This can be illustrated very well using the example of a botnet. A botnet is a network of hijacked websites (which can also be Internet-enabled end devices or routers) that is used to launch DDoS attacks against websites or servers, for example. The elements of the botnet are activated and, on command, bombard the target with so many requests that the site collapses or the server is overloaded.

The more websites a hacker can add to his botnet, the more powerful and thus valuable it becomes. But this also means that capturing the WordPress installations is often only the first step for hackers. The second step is to create something that can be monetized.

The three Is: Inform, identify, infiltrate

Roughly speaking, non-specific WordPress hacks can be divided into three phases:

Hacker attacks on WordPress: 3 phases of a prototypical attack on WP
As soon as an attacker knows about a security hole, the real work begins: he has to write a program that can find out whether the vulnerability exists and then automatically exploit it.

Phase 1: Obtaining information

In the first step, the attacker gathers information about known or unknown vulnerabilities in WordPress. This is possible, for example, via platforms such as the WPScan Vulnerability Database.

For the defacement attacks I mentioned at the beginning of this post, a look at WordPress.org would have been enough.

Phase 2: Identify attack vectors

Now the attacker knows where to start, and in phase 2 he has to write a script that allows him to pick out from the mass of sites those that have the vulnerability. With the defacement attacks on WordPress 4.7 and 4.7.1 this was easily done by reading the WordPress version.

Phase 3: Automated attacks

Once a vulnerable site is found, the attacker can - again automatically - hack the site and make the (un)desired changes. Some typical examples are:

  • Data theft: An attacker tries to steal sensitive data from your site or your site visitors. This could be email addresses or bank details - but in principle anything that can be sold or reused is interesting. For example, a hacker can place a fake form on your site that steals all the data entered into it. And all this in a completely trustworthy environment and also SSL-encrypted.
  • Kidnapping the site: An attacker can take your WordPress site into a botnet. This way the hacker secures control over your site and can launch DoS or DDoS attacks on command.
  • Placing malicious code: Here malicious code is placed on your site. An attacker can, for example, abuse your advertising space for his own purposes or place forms on your site that steal your users' personal data.

In most cases WordPress hacks cost time and money

It is not possible to say in general terms what costs are incurred through WordPress hacks and what direct or indirect consequences an attack may have. But operators of hacked sites must always be prepared for these three consequences:

1) Cost of restoration

Every day millions of attacks on WordPress sites take place. For April 2017 alone, the plugin vendor Wordfence reported 35 million brute force attacks and 4.8 million exploit attacks daily. In other words, there is no absolute certainty. All you can do is minimize the chance of being hacked and create mechanisms that will allow you to restore your site quickly if the worst comes to the worst.

At best, you have a backup of your site and can simply restore it. If the backups are also infected or a recovery is not possible, it gets more complicated. Then there is additional time and cost for the manual removal of the malware.

2) Loss of sales

Depending on what type of malicious code has been installed and how long your site needs to be under maintenance, you may also incur costs in the form of lost revenues from advertising and sales.

3) Loss of confidence

Google sees everything: a hacked site often contains malicious code that spreads malware. If Google detects this - and you do nothing about it - your site will end up on a blacklist. When the website is called up, a security notice then appears for the visitor with a warning against malware or phishing. This can also cause your Search Engine Ranking Position (SERP) to suffer and you can lose a lot of reach.

Conclusion: Attacks on WordPress sites are perfectly normal

Of course, this article is not intended to create unfounded panic. But what it is intended to illustrate: just because you have a "small" site doesn't mean you shouldn't actively address the issue of website security.

For example, it is important to know that the majority of vulnerabilities can be eliminated by regular updating. And that an SSL certificate doesn't protect your site from hacker attacks.

At the beginning, I mentioned that the sheer size of WordPress as a CMS makes each site a potential target. But this size also brings with it a crucial advantage: a worldwide community of volunteers and WordPress company employees works around the clock to make WordPress safer. So sooner or later there will be an adequate solution for every vulnerability and every problem.
