{"id":3175,"date":"2023-10-08T17:07:11","date_gmt":"2023-10-08T16:07:11","guid":{"rendered":"https:\/\/www.lrob.fr\/?p=3175"},"modified":"2025-04-27T10:48:48","modified_gmt":"2025-04-27T08:48:48","slug":"why-and-how-to-attack-wordpress-sites","status":"publish","type":"post","link":"https:\/\/www.lrob.fr\/en\/blog\/internet\/wordpress\/securite-wordpress\/attaques-de-sites-wordpress-pourquoi-et-comment\/","title":{"rendered":"WordPress site attacks: Why and how do hackers operate?"},"content":{"rendered":"<div class=\"wp-block-group gutenify-section-32e4bb10-6603-11ee-bb51-3b5f0d44e814 is-layout-flow wp-block-group-is-layout-flow\" style=\"padding-right:var(--wp--preset--spacing--50);padding-left:var(--wp--preset--spacing--50)\">\n<p class=\"gutenify-section-8050a2c0-6602-11ee-af87-f7c9e4847b90\"><strong>Let's put ourselves in the shoes of hackers attacking WordPress sites. Let's understand how they think and operate, so we can better protect ourselves. <\/strong><\/p>\n\n\n\n<div class=\"wp-block-columns are-vertically-aligned-center is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image size-medium\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/11\/angry-hacker-pirate-300x300.jpg\" alt=\"angry-hacker-pirate\" class=\"wp-image-3573\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/11\/angry-hacker-pirate-300x300.jpg 300w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/11\/angry-hacker-pirate-150x150.jpg 150w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/11\/angry-hacker-pirate.jpg 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow 
wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<p>To generate revenue, hackers will do anything. They <strong>divert visitors<\/strong> from hacked sites via sponsored links or redirections, or add <strong>unwanted advertising<\/strong> from which <strong>they reap the rewards<\/strong>. They also sometimes add links to other infected sites in an attempt to get them listed on Google.<\/p>\n\n\n\n<p>Often without limits, they also go so far as to host <strong>phishing<\/strong> pages on your site, in other words copies of institutional sites. This lets them send victims there through fake e-mails pointing to these links, and thus retrieve the victims' personal login details for the real accounts. In some cases, these may be bank or health accounts.<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group alignfull gutenify-section-d983a610-6604-11ee-bb51-3b5f0d44e814 has-global-padding is-layout-constrained wp-container-core-group-is-layout-92b9201d wp-block-group-is-layout-constrained\">\n<p>At LRob, we have <a href=\"https:\/\/www.lrob.fr\/en\/features\/secure-web-host-cybersecurity\/\">numerous security measures<\/a> to detect and totally block hackers, and we also blacklist them to help the web community. 
Your <a href=\"https:\/\/www.lrob.fr\/en\/web-hosting\/\">web hosting<\/a> benefits from a security bulwark vastly improved over the standard, so you can sleep soundly at night.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Contents<\/h2><nav><ol><li><a href=\"#le-but-des-pirates\">The hackers' goal<\/a><\/li><li><a href=\"#pourquoi-attaquer-des-sites-word-press\">Why attack WordPress sites?<\/a><\/li><li><a href=\"#mode-operatoire-des-pirates\">Hackers' modus operandi<\/a><\/li><li><a href=\"#attaques-ciblees\">Targeted attacks<\/a><\/li><li><a href=\"#verifier-si-mon-site-est-vulnerable\">Check if my site is vulnerable<\/a><\/li><li><a href=\"#que-faire-si-mon-site-est-deja-pirate\">What can I do if my site has already been hacked?<\/a><\/li><\/ol><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading gutenify-section-b33b3aa0-65ea-11ee-ab40-73a001de26da\" id=\"le-but-des-pirates\">The hackers' goal<\/h2>\n\n\n\n<p class=\"gutenify-section-c37b62a0-65ea-11ee-ab40-73a001de26da\"><strong>Hackers are generally motivated by money.<\/strong> Although their attacks are often stupid and nasty, you shouldn't underestimate them, because some of them are clever.<\/p>\n\n\n\n<p class=\"gutenify-section-16387d80-6603-11ee-bb51-3b5f0d44e814\">More marginally, we can also observe <strong>hacking competitions<\/strong>, sometimes taking place at events such as <strong>\"hackathons\"<\/strong>. Sometimes, on the other hand, the site is completely defaced. 
However, I haven't observed this type of hack for a few years, so it seems that this practice is being lost for the time being.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group alignfull gutenify-section-f59c0810-6604-11ee-bb51-3b5f0d44e814 has-global-padding is-layout-constrained wp-container-core-group-is-layout-92b9201d wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading gutenify-section-2efe8990-65ea-11ee-ab40-73a001de26da\" id=\"pourquoi-attaquer-des-sites-word-press\">Why attack WordPress sites?<\/h2>\n\n\n\n<div class=\"wp-block-columns are-vertically-aligned-center is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image size-medium\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2022\/06\/wordpress-code-is-poetry-300x169.png\" alt=\"\" class=\"wp-image-1488\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2022\/06\/wordpress-code-is-poetry-300x169.png 300w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2022\/06\/wordpress-code-is-poetry-150x84.png 150w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2022\/06\/wordpress-code-is-poetry-1024x576.png 1024w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2022\/06\/wordpress-code-is-poetry-1536x864.png 1536w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2022\/06\/wordpress-code-is-poetry.png 1920w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<p>WordPress is widely used, with <strong>43% of websites worldwide<\/strong>. This makes it a <strong>target of choice<\/strong> for hackers. 
Attacking WordPress allows them to <strong>maximize the results<\/strong> of their attacks. It's exactly the same principle as with Windows, which is the most popular operating system and therefore the most attacked.<\/p>\n\n\n\n<p>Also, WordPress is very rich in terms of code and functionality, as well as documentation. So much so that <strong>numerous vulnerabilities are regularly made public<\/strong>. It is important to note that vulnerabilities also, and above all, affect <strong>numerous WordPress plugins and themes<\/strong>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-45468200-65ec-11ee-ab40-73a001de26da has-global-padding is-layout-constrained wp-container-core-group-is-layout-92b9201d wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading gutenify-section-41751990-65ea-11ee-ab40-73a001de26da\" id=\"mode-operatoire-des-pirates\">Hackers' modus operandi<\/h2>\n\n\n\n<p class=\"gutenify-section-4679e3d0-65ea-11ee-ab40-73a001de26da\">It is relatively <strong>easy to identify WordPress sites in bulk on the Internet<\/strong>. Hackers therefore build <strong>lists of WordPress sites<\/strong>.<\/p>\n\n\n\n<p class=\"gutenify-section-9050a160-65ea-11ee-ab40-73a001de26da\">They will then cross-reference these lists with the <strong>known security vulnerabilities<\/strong> in WordPress.<\/p>\n\n\n\n<p class=\"gutenify-section-38b80140-65f5-11ee-9c43-2785acbc3e45\">They then have to write or find <strong>\"exploits\"<\/strong>, i.e. 
<strong>queries or code to be used to exploit these vulnerabilities<\/strong>.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1024\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/serious-hacker-hacking.jpg\" alt=\"\" class=\"wp-image-3288\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/serious-hacker-hacking.jpg 1024w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/serious-hacker-hacking-150x150.jpg 150w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/serious-hacker-hacking-300x300.jpg 300w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<p>Once they have found their \"exploits\", they program <strong>robots<\/strong> which automatically attempt to use them on all these sites. These bots are often set up on previously infected servers and personal computers. Together, these bots are known as a <strong>\"botnet\"<\/strong>.<\/p>\n\n\n\n<p>To attack more effectively, some more skilled hackers will first <strong>list the plugins and themes installed on each site and their versions<\/strong>. Knowing the version of the scripts, <strong>anyone can find out the security holes<\/strong> in each version.<\/p>\n\n\n\n<p>In fact, this is one of the actions carried out during a <a href=\"https:\/\/www.lrob.fr\/en\/services\/wordpress-audit-consulting\/\">WordPress security audit<\/a>. 
Hackers use this method to find and exploit vulnerabilities in each site much more effectively.<\/p>\n\n\n\n<p>This type of detection is blocked by the server security on our <a href=\"https:\/\/www.lrob.fr\/en\/web-hosting\/\">secure web hosting<\/a>.<\/p>\n<\/div>\n<\/div>\n\n\n\n<p class=\"gutenify-section-08b3c6a0-65f0-11ee-ab40-73a001de26da\">Some even more gifted hackers <strong>plan their attacks in advance, sometimes targeting numerous sites of a particular host, in an attempt to saturate user support and keep their hack going as long as possible.<\/strong><\/p>\n\n\n\n<p class=\"gutenify-section-2881dda0-65f0-11ee-ab40-73a001de26da\">This is how we see <strong>waves of hacking<\/strong>. Note that some waves of hacking also occur because a new flaw has been discovered by hackers before it has been corrected by developers. This is known as a <strong>\"zero-day vulnerability\"<\/strong>.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-49392380-65ed-11ee-ab40-73a001de26da has-global-padding is-layout-constrained wp-container-core-group-is-layout-92b9201d wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading gutenify-section-f9fd7a50-65ec-11ee-ab40-73a001de26da\" id=\"attaques-ciblees\">Targeted attacks<\/h2>\n\n\n\n<p class=\"gutenify-section-fed20cd0-65ec-11ee-ab40-73a001de26da\"><strong>Your site doesn't have to be specifically targeted to be hacked<\/strong>. As we've seen, hackers attack thousands, if not millions, of WordPress sites every day by automated means. 
This means that even very small sites with just a few dozen visitors a day, or the sites of small associations or local authorities, can be hacked.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<p>Nevertheless, <strong>if your site has a security flaw of any kind, a targeted attack, operated and directed directly by a hacker, will very quickly result in the complete hacking of your site.<\/strong><\/p>\n\n\n\n<p>Targeted attacks are relatively rare (less than 3% of hack cases in my experience). <strong>The targets of choice in this case are mainly political, media or ideological<\/strong>. In other words, <strong>targeted attacks tend to be aimed at institutional sites or sites with ideologically charged content<\/strong>. If this is your case, don't wait until it's too late and treat yourself to a <a href=\"https:\/\/www.lrob.fr\/en\/services\/wordpress-audit-consulting\/\">WordPress security audit<\/a>.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1024\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/hacker-targetted-attack.jpg\" alt=\"\" class=\"wp-image-3292\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/hacker-targetted-attack.jpg 1024w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/hacker-targetted-attack-150x150.jpg 150w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/hacker-targetted-attack-300x300.jpg 300w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity gutenify-section-edbfa160-6744-11ee-8255-a57d031fc356\"\/>\n\n\n\n<p 
class=\"has-text-align-center gutenify-section-f15a7b60-6744-11ee-8255-a57d031fc356\">Further information<\/p>\n\n\n\n<div class=\"wp-block-group gutenify-section-dd96d470-65f0-11ee-ab40-73a001de26da has-global-padding is-layout-constrained wp-container-core-group-is-layout-0747478d wp-block-group-is-layout-constrained\" style=\"padding-top:var(--wp--preset--spacing--50);padding-right:var(--wp--preset--spacing--50);padding-bottom:var(--wp--preset--spacing--50);padding-left:var(--wp--preset--spacing--50)\">\n<h2 class=\"wp-block-heading gutenify-section-a1a3ff60-65f0-11ee-ab40-73a001de26da\" id=\"verifier-si-mon-site-est-vulnerable\">Check if my site is vulnerable<\/h2>\n\n\n\n<p class=\"gutenify-section-a4f685c0-65f0-11ee-ab40-73a001de26da\">You can test the vulnerability of your website via my <a href=\"\/en\/services\/wordpress-audit-consulting\/\">WordPress security audit<\/a>.<\/p>\n\n\n\n<p>In the case of dedicated server hosting, the LRob audit also looks for server vulnerabilities.<\/p>\n\n\n\n<div class=\"wp-block-columns are-vertically-aligned-center is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<p>But the ideal is still to <a href=\"https:\/\/www.lrob.fr\/en\/web-hosting\/\">host your site with LRob<\/a> to benefit from <a href=\"https:\/\/www.lrob.fr\/en\/features\/secure-web-host-cybersecurity\/\">a large number of security measures<\/a>, with impeccably secure servers and alerts in the event of a WordPress flaw, whether in the core, a plugin or a theme. It's a kind of permanent audit that ultimately costs much less.<\/p>\n\n\n\n<p>And if you don't even want to think about it, then LRob's <a href=\"https:\/\/www.lrob.fr\/en\/services\/wordpress-webmastering\/\">WordPress webmastering<\/a> offers are made for you. 
They let you delegate all maintenance and safety aspects, so you can sleep soundly at night.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1024\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2024\/09\/angel-laptop-protect-1024x1024.webp\" alt=\"angel laptop protect\" class=\"wp-image-5089\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2024\/09\/angel-laptop-protect-1024x1024.webp 1024w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2024\/09\/angel-laptop-protect-150x150.webp 150w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2024\/09\/angel-laptop-protect-300x300.webp 300w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2024\/09\/angel-laptop-protect-1536x1536.webp 1536w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2024\/09\/angel-laptop-protect-2048x2048.webp 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-container-core-group-is-layout-f611be13 wp-block-group-is-layout-constrained\" style=\"padding-top:var(--wp--preset--spacing--50);padding-right:var(--wp--preset--spacing--50);padding-bottom:var(--wp--preset--spacing--50);padding-left:var(--wp--preset--spacing--50)\">\n<h2 class=\"wp-block-heading\" id=\"que-faire-si-mon-site-est-deja-pirate\">What can I do if my site has already been hacked?<\/h2>\n\n\n\n<p>If your site is hacked, then it needs to be repaired and secured. In almost all cases, your data is not lost and can be repaired. Consult the <a href=\"https:\/\/www.lrob.fr\/en\/services\/repairing-and-securing-pirated-wordpress-sites\/\">page dedicated to repairing hacked WordPress sites<\/a> to see the right reactions to have and call on my services. 
During a repair, a vulnerability audit is also carried out.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Why do hackers attack WordPress sites? What do they gain? And why are they targeting everyone? All the answers and ways to protect your site.<\/p>","protected":false},"author":1,"featured_media":3205,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[],"class_list":["post-3175","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-securite-wordpress"],"_links":{"self":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/3175","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/comments?post=3175"}],"version-history":[{"count":42,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/3175\/revisions"}],"predecessor-version":[{"id":7210,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/3175\/revisions\/7210"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/media\/3205"}],"wp:attachment":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/media?parent=3175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/categories?post=3175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/tags?post=3175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}