It is dangerous to run a WordPress site and assume that it will not be targeted because it gets little traffic. This article explains why low traffic does not mean that your site will not be hacked.


How do hackers look for sites to attack?

It is estimated that WordPress is used by 30% of websites, which is a huge number.
For this reason, the most common approach hackers take against WordPress sites is an indiscriminate, mass-scanning one: search for as many WordPress sites as possible and pick the easiest ones to break into.

For example, searching for the following text returns only WordPress sites in the search results.
This is because it is the text inserted into the footer of many free WordPress themes.

"is proudly powered by WordPress".

Search query to find sites that have a given plugin installed.

Hackers can also search for sites that have a specific plugin installed by using the following query:

inurl:"/wp-content/plugins/plugin name(folder name)/"

inurl: returns pages whose URL contains the specified string. Many plugins load stylesheets and JavaScript files into the site, so the URLs of those plugin files appear in the HTML of the page, and a query of this form can pick them up.

Also, if your server has directory listing enabled, that is, it automatically generates an HTML page listing the files in any folder that contains no index.php or index.html, those listing pages will be matched by the above query as well.

If you replace "plugin name (folder name)" with the folder name of a vulnerable plugin, you can find WordPress sites that have that plugin installed.

A search query crafted like this with the goal of hacking a site is called a Dork (Google Dork).

Query to find backups of a site

If a backup of the site's database is stored on the server, certain queries can surface such a file in the search results.

*Part of the query has been redacted.

filetype:sql inurl:??????backup-*

The above query restricts the search results to database-format files (filetype:) whose URL contains a backup-style name (inurl:), and it also matches auto-generated directory index pages that link to such files.

If a backup falls into a hacker's hands, they gain access to your site's user IDs, email addresses and other data, which is extremely dangerous.

Preventing Attacks with Dork

The only way to completely prevent such search-query attacks is to block the entire site from search engines, but that would mean giving up all the traffic that reaches the site through search engines, which is not a realistic option.
The basic measures that can be taken to prevent Dork attacks are as follows.

Configure the server so that it does not automatically generate a directory listing ("Index of") when a folder without an index file is accessed.

Remove unnecessary plug-ins and themes.

Update vulnerable plug-ins.

Suppress version output from plugins and from WordPress itself.

Do not store backup or server log files in an obvious location on the server under an obvious name (recent backup plugins such as BackWPup and UpdraftPlus take care of this for you).

Do not place backups of the wp-config file on the server (it is very dangerous to keep copies of this file on the server under names such as wp-config.bak or wp-config.txt, because the server will serve them as plain text and anyone can download them).
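As an added example that is not part of the original article, the following Apache .htaccess fragment implements three of the measures above on the web server itself: it turns off directory listings, refuses to serve database dumps, backup and log files, and refuses to serve any copy of wp-config whatever its extension. It assumes Apache 2.4 (the Require syntax), that .htaccess overrides are allowed, and that the file is placed in the WordPress document root.

```apache
# Added example for Apache 2.4 in the WordPress document root (not the article's own code).

# 1. Disable automatic directory listings, so that a folder without
#    index.php / index.html no longer produces an "Index of /wp-content/..." page
#    that search engines can index.
Options -Indexes

# 2. Refuse direct download of database dumps, backup archives and log files
#    anywhere under the site, regardless of where a plugin or admin left them.
<FilesMatch "\.(sql|sql\.gz|sql\.zip|bak|old|orig|log)$">
    Require all denied
</FilesMatch>

# 3. Refuse direct access to wp-config.php and to any copy of it
#    (wp-config.bak, wp-config.txt, wp-config.php~, wp-config.php.old, ...).
#    WordPress reads wp-config.php from disk via PHP include, so blocking
#    direct HTTP access does not affect the site.
<FilesMatch "^wp-config">
    Require all denied
</FilesMatch>
```

After adding the fragment, confirm from a browser that a plugin folder URL such as /wp-content/plugins/ now returns 403 instead of a file listing, and that the site itself still loads normally.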

For other general security measures, please refer to the following page:
5 free WordPress security measures

The plugin developed by WordPress Doctor lets you easily apply settings such as "stop the automatically generated HTML folder listing", "check for vulnerable plugins" and "suppress WordPress version output" from the administration screen.
We would be happy if you gave it a try.


Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].