Let's put ourselves in the shoes of hackers attacking WordPress sites. Let's understand how they think and operate, so that we can better protect ourselves.

Hackers will do anything to generate revenue. They divert visitors of hacked sites via sponsored links or redirects, or add intrusive advertising from which they reap the rewards. They also sometimes add links to other infected sites in an attempt to get them listed on Google.
Often without limits, they also go so far as to host phishing pages on your site, in other words copies of institutional sites. They then send fake e-mails pointing to these pages and collect the victims' personal login details for the real accounts. Sometimes, these may be bank or health accounts.
At LRob, we have numerous security measures to detect and completely block hackers, and we also blacklist them to help the web community. Your web hosting benefits from a much stronger security barrier, so you can sleep soundly at night.
The hackers' aim
Hackers are generally motivated by money. Although their attacks are often stupid and nasty, you shouldn't underestimate them because some of them are clever.
More marginally, we also see hacking competitions, sometimes taking place at events such as a «hackathon». Sometimes, however, the site is completely defaced. However, I haven't seen this type of hack for a few years, so it seems that this practice is dying out for the time being.
Why attack WordPress sites?

WordPress is widely used, with 43% of websites worldwide. This makes it a target of choice for hackers. Attacking WordPress allows them to maximise the results of their attacks. It's exactly the same principle as with Windows, which is the most popular operating system and therefore the most attacked.
WordPress is also very rich in terms of code and functionality, as well as documentation. So much so that many vulnerabilities are regularly made public. It is important to note that these flaws also, and above all, concern the numerous WordPress plugins and themes.
Hackers' modus operandi
It is relatively easy to identify WordPress sites en masse on the internet. Hackers therefore create lists of WordPress sites.
They will then cross-reference these lists with the known security vulnerabilities of WordPress.
They then have to write or find «exploits», in other words requests or code used to exploit these vulnerabilities.

Once they have found their «exploits», they programme robots which automatically try to use them on all these sites. These bots are often installed on previously infected servers and personal computers. Together, these bots are called a «botnet».
To attack more effectively, some slightly more skilled hackers will first list the plugins and themes installed on each site and their versions. By knowing the version of the scripts, anyone can find out which security flaws are present in each version.
In fact, this is one of the actions carried out during a WordPress security audit. Hackers use this method to find and exploit vulnerabilities in each site much more effectively.
This type of detection is blocked by the server security features on our secure web hosting.
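As an added illustration (not LRob's actual server rules, and not code from the original article), here is one way a defender can spot this plugin and theme enumeration in a web server access log: flag any client that requests several extension directories that do not exist on the site. The combined log format, the threshold and the sample log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Combined log format: client IP, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+)[^"]*" (\d{3}) ')
# Extension slug from a request under wp-content/plugins/ or wp-content/themes/.
SLUG_RE = re.compile(r'^/wp-content/(plugins|themes)/([^/?]+)/')

THRESHOLD = 3  # assumed value; tune it to your own traffic


def find_enumerators(lines, threshold=THRESHOLD):
    """Return {ip: sorted missing slugs} for clients probing many absent extensions."""
    missing = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, path, status = m.groups()
        s = SLUG_RE.match(path)
        # Normal visitors load assets of installed extensions (200/304).
        # One stale asset can 404, so count distinct slugs, not requests:
        # many different missing slugs from one client means guessing.
        if s and status == "404":
            missing[ip].add(f"{s.group(1)}/{s.group(2)}")
    return {ip: sorted(slugs) for ip, slugs in missing.items() if len(slugs) >= threshold}


# Constructed sample log lines (documentation IP ranges, made-up slugs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-content/plugins/sample-forms/readme.txt HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-content/plugins/sample-gallery/readme.txt HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-content/plugins/sample-seo/readme.txt HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-content/themes/sample-theme/style.css HTTP/1.1" 404 512 "-" "-"
198.51.100.20 - - [10/Jan/2025:10:05:00 +0000] "GET /wp-content/plugins/installed-plugin/css/style.css HTTP/1.1" 200 2048 "-" "-"
198.51.100.20 - - [10/Jan/2025:10:05:01 +0000] "GET /wp-content/plugins/installed-plugin/img/old.png HTTP/1.1" 404 512 "-" "-"
""".splitlines()

if __name__ == "__main__":
    for ip, slugs in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip} probed {len(slugs)} missing extensions: {', '.join(slugs)}")
```

The flagged addresses can then be fed to whatever blocking or blacklisting mechanism the server already uses.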
Some even more gifted hackers plan their attacks in advance, sometimes targeting numerous sites of a particular host, in an attempt to saturate user support and keep their hack going as long as possible.
This is how we see waves of hacking. It should be noted that some waves of hacking also occur because a new vulnerability has been discovered by hackers before it has been corrected by developers. This is known as a «zero-day vulnerability».
Targeted attacks
Your site doesn't need to be specifically targeted to be hacked. As we have seen, hackers attack thousands or even millions of WordPress sites every day in an automated fashion. This means that very small sites with just a few dozen visitors a day, or the sites of small associations or local authorities, can be hacked.
Nevertheless, if your site has a security flaw of any kind, a targeted attack, operated and directed by a hacker in person, will very quickly result in your site being completely hacked.
Targeted attacks are relatively rare (less than 3% of hacks in my experience). The targets of choice in this case are mainly political, media or ideological. In other words, targeted attacks tend to be aimed at institutional sites or sites with ideologically charged content. If this is the case for you, don't wait until it's too late and treat yourself to a WordPress security audit.

To find out more
Check if my site is vulnerable
You can test the vulnerability of your website via my WordPress security audit.
In the case of dedicated server hosting, the LRob audit also looks for server vulnerabilities.
But the ideal is still to host your site with LRob to benefit from a large number of security measures, with servers with impeccable security and alerts in the event of a WordPress flaw, whether in the core, a plugin or a theme. It's a kind of permanent audit that's ultimately much cheaper.
And if you don't even want to think about it, then take a look at our offers. The LRob WordPress Webmastering offers are made for you. They allow you to delegate all maintenance and security aspects, so you can sleep soundly at night.

What should I do if my site has already been hacked?
If your site has been hacked, it needs to be repaired and made secure. In almost all cases your data is not lost and can be repaired. Consult the page dedicated to repairing hacked WordPress sites to see the right steps to take and call on my services. During a repair, a vulnerability audit is also carried out.

