Here are some of the most common attack patterns recorded as hacking logs that we detect on a daily basis.

Access logs of hackers’ most common hacks as of January 2021

When hackers find a WordPress site on a search engine, they first check for vulnerabilities or backdoors that have already been embedded by other hackers or in themes, plugins, and other components of the site.
Here are some of the most common methods that have been detected recently.

1 /wp-content/plugins/temp.php /wp-content/uploads/2020/xx/content-post.php , doc.php

This is a log that is recorded when another hacker tries to take advantage of a backdoor that has already been embedded by the hack. If this file is present on your site, you may have been hacked and should inspect the contents in detail if the file is present.

2 /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php

The access logs of this hacker are located at \/. \ \… \/. \/wp-config.php is detected along with queries such as: attempting to download the wp-config.php configuration file using a vulnerability in the media-library-assistant plugin.

3 /wp-admin/admin-ajax.php action=revslider_show_image

Similar to the above, this also attempts to download the wp-config.php configuration file by exploiting a vulnerability in the Slider Revolution plugin.

4 /wp-admin/admin-ajax.php action=duplicator_download

Similar to the above, this also attempts to download the wp-config.php configuration file by exploiting a vulnerability in the Duplicator plugin.

It is said that every WordPress site is attacked on average 4 or 5 times a day!

No matter how small the site is, hackers will find the site via search engines, access the above files, and attack the site to see if they can break in. It is said that every site receives on average 4 or 5 attacks a day from hackers.
If a vulnerable file is on the site, hackers will tamper with the site and plant malicious programs on the site to misdirect the entire site to another site or to cause users to download viruses, calculate virtual currency, or do other unauthorized activities on the site. They will customize the site.

You can log and record the hack with the WordPress Doctor Malware Scanner

WordPress:Malware Scanner & Security Plugin [Malware and Virus Detection and Removal] can also be used to detect and log hacking with a unique algorithm.

If you want to use our security features or inspect your site for malware and tampering, please use our security plugin.

Related Posts:

  1. Most Targeted Plugin Vulnerabilities in WordPress, November 2020 Edition
    WordPress Doctor is pleased to inform you of the commonly targeted plugin vulnerabilities in WordPress as of November 2020 that we detect on a daily basis....
  2. More attacks against vulnerabilities in the plugin Duplicator
    Duplicator, a plugin deployed on millions of sites that allows users to migrate, copy, move, clone, and create backups of WordPress sites, is vulnerable in versions 1.3.26 and below....
  3. Reasons for repeated hacker defacement and malware infection on WordPress sites
    Once a WordPress site has been defaced by hackers, embedded malware, or infected with a virus, the site may be repeatedly defaced even after you think you have removed the malware. We will explain how to deal with such cases....
  4. 10 unauthorized WordPress access files
    Here are the most common unauthorized accesses that hackers target WordPress as of September 2023....
  5. What are program vulnerabilities in WordPress?
    WordPress and plugins require updates to close vulnerabilities, but we will explain the most dangerous types of vulnerabilities....
  6. Can a hacker attack on WordPress itself be prevented?
    Our client asked us if we could prevent the attacks themselves, since hackers have not stopped attacking them. Here is an explanation....