WordPress site attacks: Why and how do hackers operate?

Let's put ourselves in the shoes of hackers attacking WordPress sites. Let's understand how they think and operate, so we can better protect ourselves.


To generate revenue, pirates will do anything. They divert visitors from hacked sites via sponsored links or redirections, or add unwanted advertising from which they reap the rewards. They also sometimes add links to other infected sites in an attempt to get them listed on Google.

Often without limits, they also go so far as to host phishing pages on your site, in other words copies of institutional sites. They send victims fake e-mails pointing to these pages, and thus retrieve the victims' personal login details for the real accounts. In some cases, these may be bank or health accounts.

At LRob, we have numerous security measures to detect and totally block hackers, and we also blacklist them to help the web community. Your web hosting benefits from a security bulwark vastly improved over the standard, so you can sleep soundly at night.

The pirates' goal

Hackers are generally motivated by money. Although their attacks are often stupid and nasty, you shouldn't underestimate them, because some of them are clever.

More marginally, we can also observe hacking competitions, sometimes taking place at events such as "hackathons". Sometimes, on the other hand, the site is completely defaced. However, I haven't observed this type of hack for a few years, so it seems that this practice is being lost for the time being.

Why attack WordPress sites?

WordPress is widely used, powering 43% of websites worldwide. This makes it a target of choice for hackers. Attacking WordPress allows them to maximize the results of their attacks. It's exactly the same principle as with Windows, which is the most popular operating system and therefore the most attacked.

Also, WordPress is very rich in terms of code and functionality, as well as documentation. So much so that numerous vulnerabilities are regularly made public. It is important to note that these vulnerabilities also, and above all, concern numerous WordPress plugins and themes.

Hackers' modus operandi

It is relatively easy to identify WordPress sites in bulk on the Internet. Pirates therefore create lists of WordPress sites.

They will then cross-reference these lists with the known security vulnerabilities in WordPress.

They then have to write or find "exploits", i.e. requests or code used to exploit these vulnerabilities.

Once they have found their "exploits", they program robots which automatically attempt to use them on all these sites. These bots are often set up on previously infected servers and personal computers. Together, these bots are known as a "botnet".

To attack more effectively, some more skilled hackers will first list the plugins and themes installed on each site and their versions. Knowing the version of each script, they can look up the security holes known for that version.

In fact, this is one of the actions carried out during a WordPress security audit. Hackers use this method to find and exploit vulnerabilities in each site much more effectively.

This type of detection is blocked by the server security on our secure web hosting.
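The listing of plugins and themes described above leaves a recognisable trace in a web server's access log: one client requests many different extension directories, and most of them do not exist on the site. The following is an added example, not LRob's own detection code; it assumes logs in the common "combined" format, and the thresholds, function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
SLUG_RE = re.compile(r'^/wp-content/(plugins|themes)/([^/?]+)/')

def find_enumerators(lines, min_slugs=5, min_miss_ratio=0.6):
    """Map client IP -> (distinct extensions probed, share of 403/404 answers)
    for clients that request many plugin/theme directories, most of them absent.
    Both thresholds are assumptions to tune against real traffic."""
    slugs, total, misses = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        s = SLUG_RE.match(path)
        if not s:
            continue  # request does not touch a plugin or theme directory
        slugs[ip].add(s.groups())
        total[ip] += 1
        if status in (403, 404):
            misses[ip] += 1
    flagged = {}
    for ip, seen in slugs.items():
        ratio = misses[ip] / total[ip]
        # A real visitor loads assets of the few extensions actually installed;
        # an enumerator walks a list and mostly hits missing directories.
        if len(seen) >= min_slugs and ratio >= min_miss_ratio:
            flagged[ip] = (len(seen), round(ratio, 2))
    return flagged

def _line(ip, path, status):
    return f'{ip} - - [10/Jan/2025:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: one ordinary visitor, one client walking a slug list.
SAMPLE_LOG = (
    [_line("198.51.100.7", f"/wp-content/plugins/{s}/style.css", 200) for s in ("shop-a", "forms-b")]
    + [_line("198.51.100.7", "/wp-content/themes/theme-c/style.css", 200)]
    + [_line("203.0.113.50", f"/wp-content/plugins/{s}/", 404) for s in ("p1", "p2", "p3", "p4", "p5")]
    + [_line("203.0.113.50", "/wp-content/plugins/shop-a/", 200)]
)

if __name__ == "__main__":
    for ip, (count, ratio) in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {count} extensions probed, {ratio:.0%} missing")
```

Flagged addresses are candidates for rate limiting or blocking at the server; the ordinary visitor in the sample is not flagged because it only touches extensions that are installed.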

Some even more gifted pirates plan their attacks in advance, sometimes targeting numerous sites of a particular host, in an attempt to saturate user support and keep their hack going as long as possible.

This is how we see waves of piracy. Note that some waves of hacking also occur because a new flaw has been discovered by hackers before it has been corrected by developers. This is known as a "zero-day vulnerability".

Targeted attacks

Your site doesn't have to be specifically targeted to be hacked. As we've seen, hackers attack thousands, if not millions, of WordPress sites every day by automated means. This means that even very small sites with just a few dozen visitors a day, or the sites of small associations or local authorities, can be hacked.

Nevertheless, if your site has a security flaw of any kind, a targeted attack, operated and directed directly by a hacker, will very quickly result in the complete hacking of your site.

Targeted attacks are relatively rare (less than 3% of hack cases in my experience). The targets of choice in this case are mainly political, media or ideological. In other words, targeted attacks tend to be aimed at institutional sites or sites with ideologically charged content. If this is your case, don't wait until it's too late and treat yourself to a WordPress security audit.


Further information

Check if my site is vulnerable

You can test the vulnerability of your website via my WordPress security audit.

In the case of dedicated server hosting, the LRob audit also looks for server vulnerabilities.

But the ideal is still to host your site with LRob to benefit from a large number of security measures, with impeccably secure servers and alerts in the event of a WordPress flaw, whether in the core, a plugin or a theme. It's a kind of permanent audit that ultimately costs much less.

And if you don't even want to think about it, then the LRob WordPress Webmastering offers are made for you. They let you delegate all maintenance and security aspects, so you can sleep soundly at night.

What can I do if my site has already been hacked?

If your site is hacked, then it needs to be repaired and secured. In almost all cases, your data is not lost and can be repaired. Consult the page dedicated to repairing hacked WordPress sites to see how to react and to call on my services. During a repair, a vulnerability audit is also carried out.
