What kind of attacks can hackers launch on a WordPress site? We will explain about the following
There are two main types of hacking attacks against WordPress sites
Nearly 60% of WordPress hacking is caused by plugin vulnerabilities, and nearly 20% is a brute force attack on the administrator user’s password.
Image credit WordFence
In other words, hacking attacks are also most commonly related to these two.
Attacks that take advantage of plugin vulnerabilities
Attacks that compromise the password of the administrator user.
How do hackers hack attack WordPress sites?
Let’s visualize how hackers actually attack WordPress sites.
*This attack log was detected by the Hacking Monitor function of the [Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
Brute force attack (brute force attack to break administrator user’s password)
This hacking attack shows that the hacker tries to log in by sending data (ID admin password admin) to the WordPress login file wp-login.php.
The hacker automatically repeats the login operation thousands or tens of thousands of times using a list of commonly used IDs and passwords, and tries to figure out the login information for the WordPress administration page.
Plugin Vulnerability Attacks
These attacks are designed to check for the presence of vulnerabilities or malware files (installed by other hackers) in files in the WordPress plugin folder, or directly exploit vulnerabilities to write or modify files.
Vulnerability attack using admin-ajax
admin-ajax is a mechanism used by WordPress sites to perform various asynchronous processes behind the scenes of communication, such as page display, etc. This communication method is used by various plugins and themes to retrieve and update information in the background, but this communication may be vulnerable and is often used by hackers to launch attacks. Hackers often use it for attacks.
An example of this attack is an attempt to download wp-config.php and obtain database access information by exploiting a vulnerability in admin-ajax of the revslider plugin.
The next attack will be an attack to upload an arbitrary malicious file using a CSV file upload vulnerability in the Membership For WooCommerce plugin.
Hackers will also attack sites where the vulnerability does not exist.
None of the vulnerabilities mentioned above exist on this site.
Nevertheless, hackers attack a vast number of WordPress sites one after another, using tools to try to exploit a large number of vulnerabilities. (We call this particular type of attack on WordPress sites a “good-if-successful” attack.)
This is because WordPress is the most popular CMS in the world, and there are plenty of vulnerable sites that can be easily breached by automated attacks with tools on a vast number of sites.
This means that if a site does not have the most prominent vulnerabilities, it is unlikely that a WordPress site will be successfully hacked.
However, we recommend that you block the IP of any computer that uses this IP if you detect a hack, as it is most certainly the IP of a hacker.
You can check the danger level of a detected IP by clicking on the IP at www.abuseipdb.com
