Here are the most common unauthorized accesses that hackers target WordPress as of September 2023.
The 10 most common unauthorized accesses to WordPress sites
The following are the 10 most common WordPress malicious accesses that WordPress Doctor has detected.
/wp-content/plugins/core-plugin/include.php
-> This one is access to an illegally installed plugin with a backdoor function!
/wp-content/plugins/dzs-zoomsounds/savepng.php
-> This is an attack against a vulnerability that allows the upload of arbitrary files in a plugin called dzs-zoomsounds
/wp-22.php
-> An exploit that allows access to an illegally embedded backdoor in
/wp-content/plugins/ioptimization/IOptimize.php
-> Access to an illegally installed plugin with backdoor functionality
/wp-content/plugins/apikey/apikey.php
-> Access to an illegally installed plugin with backdoor functionality
/wp-content/themes/pridmag/db.php
-> Attack against vulnerabilities in the theme pridmag
/wp-plain.php
-> Attempt to access an illegally embedded backdoor in /wp-plain.php
/wp-content/themes/seotheme/db.php
-> Vulnerability in theme seotheme (probably installed illegally)
/wp-good.php
-> Attempt to gain access to an illegally embedded backdoor
Nowadays, the main type of unauthorized access is not directly targeting vulnerabilities, but rather reusing backdoors that other hackers have embedded in sites.
In other words, once a site has been defaced and a backdoor such as the one described above is embedded, there is a high possibility that multiple hackers will take advantage of it.
What if there is a record of access to a file like the one above?
The presence of such an access log does not necessarily mean that the hack was successful.
This is because hackers repeatedly use tools to gain such unauthorized access to WordPress sites at random. You can determine if the unauthorized access failed or not by the server’s response to a 404 (non-existent file).
It is also a form of attack that is difficult to prevent completely. This is because the prevalence of such unauthorized accesses changes from time to time, and it is necessary to construct a system to repel pre-defined patterns of unauthorized accesses on the server side, and the construction of such a system is also quite difficult due to the aforementioned constantly changing prevalence. (This is because it is difficult to construct such a system due to the aforementioned constantly changing trends. (In the absence of such a mechanism, it would be difficult to separate the access from general access.)
If there is a possibility of successful hacking, scan for malware with plug-ins
Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
You can scan and remove malware from your site by using the plugin [Free] WordPress:Malware Scanning & Security Plugin [Malware & Virus Detection and Removal].
If you suspect or are concerned about the possibility of a successful hack, we recommend that you run a malware scan of your site with the plugin.