Let's put ourselves in the shoes of hackers attacking WordPress sites.
Let's understand how they think and operate, to better protect ourselves.
The pirates' goal
Hackers are generally motivated by money. Although their attacks are often stupid and nasty, you shouldn't underestimate them, because some of them are clever.
To generate revenue, pirates will do anything. They distract visitors pirated sites via sponsored links or redirections, or add inopportune advertising of which they reap the rewards. They also sometimes add links to other infected sites in an attempt to get them listed on Google.
Often without limits, they even host phishing on your site. In other words, copies of institutional sites. This enables them to refer victims to whom they have previously sent fake e-mails pointing to these links, and thus to retrieve their personal login details for these real accounts. In some cases, these may be bank or health accounts.
In the targeted hackingmotivation is ideological or political.
More marginally, we can also observe hacking competitionsometimes taking place at events such as "hackathonSometimes, on the other hand, the site is completely defaced. However, I haven't observed this type of hack for a few years, so it seems that this practice is being lost for the time being.
Why attack WordPress sites?
WordPress is widely used, with 43% websites worldwide. This makes it a target of choice for hackers. Attacking WordPress allows them to maximize their results in their attacks. It's exactly the same principle as with Windows, which is the most popular operating system and therefore the most attacked.
Also, WordPress is very rich in terms of code and functionality, as well as documentation. So much so that numerous vulnerabilities are regularly made public. It is important to note that vulnerabilities also and above all concern numerous plugins and themes from WordPress.
Hackers' modus operandi
It is relatively easy to identify bulk WordPress sites on the Internet. Pirates therefore create WordPress site listings.
They will then cross-reference these lists with the known security vulnerabilities from WordPress.
They then have to write or find pirate communities "exploits"i.e. queries or code to be used to exploit these vulnerabilities.
Once they have found their "exploits", they program robots which automatically attempt to use them on all these sites. These bots are often set up on previously infected servers and personal computers. Together, these bots are known as "botnet.
To attack more effectively, some more skilled hackers will first list the plugins and themes installed on each site and their versions. By knowing the version of the scripts, anyone who may be aware of the security holes in each version. In fact, this is one of the actions carried out during a WordPress security audit. Hackers use this method to find and exploit vulnerabilities in each site much more effectively.
Some pirates are even more gifted plan their attacks in advance, sometimes targeting numerous sites of a particular host, in an attempt to saturate user support and keep their hack going as long as possible.
This is how we see waves of piracy. Note that some waves of hacking also occur because a new flaw has been discovered by hackers before it has been corrected by developers. This is known as a "zero-day vulnerability.
Targeted attacks
Your site doesn't have to be specifically targeted to be hacked. Because, as we've seen, hackers attack thousands of WordPress sites a day in an automated fashion. This means that even very small sites with just a few dozen visitors a day, or the sites of small associations or local authorities, can be hacked.
Nevertheless if your site has a security flaw of any kind, a targeted attack, operated and directed directly by a hacker, will very quickly result in the complete hacking of your site.
Targeted attacks are relatively rare (less than 3% of hack cases in my experience). The targets of choice in this case are mainly political, media or ideological.. In other words, targeted attacks tend to be aimed at institutional sites or sites with ideologically charged content. If this is the case for you, don't wait until it's too late and treat yourself to a WordPress security audit.
Further information
Check if my site is vulnerable
You can test the vulnerability of your website via my WordPress security audit.
Please note that this service is included in my Webmastering Critical. WordPress scripts are updated on a daily basis, I receive an e-mail in the event of a vulnerability, and I monitor obsolete scripts. I also manage to detect the activity of hacker bots on my hosts and automatically block hundreds of them every day. Manual attacks are also blocked; for example, during an audit of a site I host, a major security group asked me to unblock them so they could continue their tests, as all their IPs had been automatically blocked by my security systems.
Leave a Reply