Hackers target vulnerabilities in WordPress to gain various unauthorized access. The most common of these attacks is against admin-ajax.php.


Why do hackers target WordPress admin-ajax.php?

admin-ajax.php is a file that is built into WordPress from the beginning and is located in the wp-admin folder.
admin-ajax.php is a mechanism for WordPress itself, themes, and plugins to communicate behind the scenes, and is often used to update posts, save settings, and send emails, for example, without moving from one screen to another.

The implementation of such a program is as follows, and the processing is implemented in each theme and plugin.

add_action("wp_ajax_my_function", "my_function");
function my_function() {
    // The actual implementation of the processing is done in each plugin or theme
}

The vulnerability in the implementation part of each plugin or theme is targeted by hackers to admin-ajax.php.

*The attack on admin-ajax.php can be visualized with the [Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

How to deal with attacks on admin-ajax.php

A hacker attack on admin-ajax.php does not necessarily mean that it is successful.
Hackers use tools to exploit vulnerabilities in WordPress sites via admin-ajax.php in a haphazard manner and attack sites in a successful methodology.

However, if successful, the WordPress site may be tampered with and malware may be embedded.

Stopping and deleting admin-ajax.php is difficult.

It is difficult to completely stop admin-ajax.php from working in order to improve security because, as mentioned above, admin-ajax.php is a very commonly used mechanism that can have a significant negative impact on the operation of the site.

Therefore, it is important to eliminate the possibility of vulnerabilities being breached through admin-ajax.php, i.e., to leave the site vulnerable.

For this purpose, the following measures are taken.

Regularly inspect the site for vulnerabilities.

Avoid installing unnecessary plug-ins and themes.

We do not use plug-ins or themes that have been out of date for a long period of time and replace them with new ones that are updated as often as possible.

Keep WordPress and plugin themes up-to-date and free of vulnerabilities (regular updates).

Related Posts:

  1. Can a hacker attack on WordPress itself be prevented?
    Our client asked us if we could prevent the attacks themselves, since hackers have not stopped attacking them. Here is an explanation....
  2. 10 unauthorized WordPress access files
    Here are the most common unauthorized accesses that hackers target WordPress as of September 2023....
  3. How to limit the computers that can log in to the WordPress admin screen by IP
    This section explains how to limit the computers that can log in to the WordPress admin screen by IP....
  4. Find out the most dangerous vulnerabilities in your WordPress!
    Common Vulnerability Assessment System CVSS Score Software vulnerabilities have an objective measure of severity called a CVSS score. The CVSS score is basically derived from the following criteria on a 10-point scale....
  5. Tampering Cases in WordPress What are SEO Hacks?
    The most common type of WordPress tampering today is called SEO hacks (SEO spam), and we will explain examples of SEO hacks and how to deal with them....
  6. Regarding the detected unauthorized access list that visualizes attacks on WordPress
    We have received several inquiries about the “Detected Unauthorized Access List” feature of the WordPress Doctor Malware Scanner, so we will explain it here....