When a site is hacked and defaced, some webmasters generally assume that hackers have targeted your site and infiltrated it with advanced technology, but this is not the case with WordPress. This is not the case with WordPress.
Hacking of a WordPress site is not a targeted attack on your site!
Some webmasters think that if their site has been defaced by a hacking attack, hackers spent hours or days on their site to find vulnerabilities, etc., and that they used advanced technology to get into the site. However, in almost all cases, WordPress has not been hacked in such a way.
WordPress sites are used by 30% of the world’s sites, and there are hundreds of millions of sites. Hackers attack sites using a mass-attack methodology, finding the easiest site to hack from this list of hundreds of millions of sites and then breaking in.
If the hacker cannot break into a site easily, he or she will immediately give up and try another site. (This is because there are many other sites that can be penetrated more easily.)
Hackers do not use advanced techniques to break into sites, but prefer to attack vulnerabilities in plugins and themes that are the easiest to exploit and most likely to be present in many sites.
The programs that make up WordPress sites are open source and vulnerabilities have already been investigated by thousands of technicians, and the vulnerabilities that are found are publicly available!
Hackers use search engines to obtain a list of WordPress sites, and then attack them by hitting vulner abilities in plug-ins and themes that are installed on many sites, one after another, using tools to hit vulnerabilities at random, even if the attacks don’t work. We will attack your site.
WordPress vulnerabilities are publicized on websites such as NIST to alert users of vulnerabilities in various programs, and hackers often use this information to build hacking tools.
Therefore, if you are using a patched WordPress, theme, or plugin, hackers will not be able to successfully exploit the vulnerabilities.
It is nearly impossible to find undiscovered vulnerabilities in individual programs, and even if you do find them, it is unlikely that the hacker used the vulnerability to attack the site, so there is little point.
It is difficult to determine the date and reason for a successful hack.
As mentioned above, WordPress hackers attack a large number of sites by hitting vulnerabilities at random, so only traces of a large number of attacks (including those that are difficult to separate from general access logs) will remain.
Many servers only keep simple access logs, and almost all servers do not keep data on what kind of data the hacker sent by POST or other means.
And even if such access logs were taken, it is extremely difficult to identify successful attacks among the enormous number of attack traces. (It is necessary to reproduce each attack method one by one to determine whether it is successful or not. Even if we were able to identify a vulnerability that could be successfully exploited, it would also be difficult to determine whether the hacker subsequently exploited that vulnerability.)
Hackers may also take advantage of backdoors set up by other hackers. In cases where multiple hackers are defacing a site, the defacement will not stop until the backdoor is removed from the server.
For this reason, the idea of pinpointing when and how a WordPress site was breached and then implementing security measures to block it is not a realistic approach to WordPress security measures.
WordPress Security Measures
WordPress security measures need to take into account the particularities of the WordPress attack method.
For the time being, the following measures are the most effective and efficient
Remove malware (backdoors) from the server
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
It is also important that you do not leave any known vulnerable programs (WordPress itself, themes, plugins) on your server.
(*Themes and plugins can be accessed directly via the Internet even if they are deactivated, so leaving deactivated themes and plugins on the server is also dangerous.)
It is also said that 60% of successful hacking is due to vulnerability attacks on theme and plugin programs, and 20% is due to weak passwords for administrator privileges, which can be broken by brute force attacks. For this reason, it is also important to ensure that the passwords of users with administrative privileges are strong.
Reference
5 Free WordPress Security Measures
We hope this was helpful.