There are various methods by which WordPress can be hacked, the most common of which is called an injection attack. This section describes these injection attacks.
What is an injection attack?
Injection is a Japanese word meaning injection. In other words, it is an attack in which a hacker embeds some malicious programming code or database data into a site.
Injection attacks can be performed through vulnerabilities in plug-ins or brute force attacks in which a hacker repeatedly logs in to find out the administrator’s password.
Reference
How do hackers tamper with WordPress and embed malware?
Types of Injection Attacks
The following is a description of the typical types of injection attacks, in the order in which they are most often performed on WordPress.
1 Code Injection
In this attack, a hacker embeds malware into a legitimate WordPress file. The most common files in which malicious code is embedded are index.php and wp-config.php, which are executed each time the site is viewed.
For example, the following code is embedded and the malware is executed every time a user accesses the site.
index.php
/*sa6ahds6wr ← An identifier to check for the presence of the hacker's malicious code is also embedded @include(/var/www/.... /.6sada8dh.ico) ← Injection of the include portion to load the malware itself /*sa6ahds6wr
Code injection is not necessarily written into a legitimate file, but may be installed as a single independent program on the server. This program may be a backdoor that serves as an entry point for hackers to re-hack, or it may have the ability to automatically reinfect or investigate the server.
2 SQL Injection
WordPress generates websites with two types of data styles: real files, such as program files and HTML files, and data recorded in databases.
An attack that illegally embeds or alters data in this database is called SQL injection.
This attack involves creating users with unauthorized administrator privileges, writing unauthorized code in plug-ins or theme settings to be executed when the website is displayed, or embedding a large amount of Javascript code in content (posts) to cause users accessing the content to be sent to another This can be used for redirect attacks, for example, where a large amount of JavaScript code is embedded in content (posts) to send users who access the content to another site.
3 XML Injection
This is an injection attack that has been on the rise in recent years, in which malformed URLs or pages are embedded in the XML of WordPress sitemaps, with the goal of hooking search engines.
It causes a large number of pages that you do not remember to be trapped in the search results. In many cases, the malicious pages themselves are also embedded in the server, causing a variety of malicious pages to be displayed on the server.
Detecting Injection
WordPress injection attacks are often difficult to prevent.
Reference
Can a hacker attack on WordPress itself be prevented?
However, simple measures can prevent most of them.
Reference
Five free WordPress security measures
If you have already had an injection attack that has inserted malicious code or data into your site, you can also use a malware scanner plugin to detect and remove it.
Free WordPress:Malware Scanning & Security Plug-in [Malware and Virus Detection and Removal].