Through the development of WordPress security plug-ins and the recovery of many malware-infected sites, WordPress Doctor has studied how hackers tamper with WordPress and embed malware.
1 How do they find your site?
How would a hacker find out if your site uses WordPress and has vulnerabilities that could be breached?
The most common method used is search engines. For example, a search with the following query will bring up a number of WordPress sites.
Welcome to WordPress. This is my first post."
As you can see, this is the wording of the first post that is added by itself when you install WordPress.
Another way to search for vulnerabilities is to put a special query into a search engine to find them directly. This method is called Dork, and for example, the following query can be used to find vulnerable sites with a particular plugin.
inurl:/wp-content/plugins/plugin folder name
2 How does it get into your site?
There are two main ways hackers can break into your site.
1 Brute force attack
The administrator login is mechanically repeated hundreds of thousands of times using a dictionary of commonly used passwords to seize administrative privileges.
2 Vulnerability exploit
After checking for the existence of vulnerabilities in old plug-ins and WordPress itself, they attempt to gain entry through these vulnerabilities. Vulnerabilities can be investigated over the network without logging into WordPress.
One such tool is WPSCAN.
There are also tools available that mechanically probe dozens of vulnerabilities in rapid succession and automatically break in and embed backdoors when vulnerabilities are found. (However, since the tooling is tooled, it is often a tool that can only break through old vulnerabilities in old ways.)
Conversely, many hackers who break into WordPress do not have very advanced technology, but only target the sites that can be broken into most easily using tools. This is because there are 50,000 sites that can be penetrated easily.
3 Why would someone deface your site or embed malware?
Most of the reasons hackers deface sites can be summed up in the following five categories
1 SEO hack
To gain an SEO advantage, they force you to link to some other site or redirect you to another site. This will help fund some SEO firm or the improved traffic will make money.
In some cases, affiliate links may be embedded, so it is thought that the goal is to get clicks on the affiliate.
2 Forcing users to download malicious files to their PCs
The original purpose of these sites is to induce users to install fake antivirus software, spyware, or other malware on the computers of individuals who access the site.
This is often the case with malware that displays a sweepstakes site or a security warning page.
3 Botnets
This is a collection of malware-infected sites with the goal of sending large amounts of traffic to a specific site and taking it down (called a DDOS attack). This collection of sites (servers) that can be manipulated at will is called a botnet.
4 Illegal acquisition of virtual currency
This is a pattern in which malware performs mechanical tasks to fulfill acquisition conditions for sites that mine virtual currency on their sites or distribute virtual currency for free.
5 Spam e-mail distribution
A spam mail distribution program is embedded in a site, and numerous spam mails are sent using the server where the infected site is located as a stepping stone.
ーー
WordPress is the most recovered web system in the world. As mentioned above, there are 50,000 sites around the world that can be easily penetrated, so as soon as hackers see that an old vulnerability cannot be easily breached or a password cannot be easily broken into, they give up and look for another site.
Therefore, even with basic measures, it is quite possible to prevent WordPress from being tampered with or hacked, so we recommend that you do not give up and take basic measures.
Vulnerability checks are also available.
Please use the [ Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].
Free WordPress Security Plug-ins