What are the vulnerabilities that are often mentioned when a WordPress site is tampered with or infected with malware (viruses)?
In this article, we will discuss program vulnerabilities.
Overview of WordPress PHP Program Vulnerabilities
WordPress is made of a programming language called PHP. From that group of programs, it retrieves data from the database on the server, uploads images and files, retrieves designs and outputs them to the browser, and loads and executes plugin extensions.
The average number of PHP programs in WordPress is 3000 files, including plug-ins.
In rare cases, some of these files may contain errors or flaws that allow the site administrator/programmer to remotely perform actions that were not intended.
This unintended action is called a vulnerability.
Classification of WordPress Vulnerabilities
There is an international classification of vulnerabilities, called CVE, according to their degree of danger.
This CVE is a system that allows you to be alerted and know the characteristics regarding the vulnerability by scoring it on a 10-point scale based on various indicators, such as
Where is the attack possible from?
The complexity of the conditions required for the attack
The level of privileges required for the attack
The extent of the impact of the attack.
The possibility of information leakage
Possibility of falsification of information
Possibility of information leakage ・Possibility of information falsification ・Possibility of business delays or stoppages
A high score here means that the attack can be easily carried out remotely, and that the hacker’s privilege level is low enough to suffer information leakage or tampering.
Reference site: https: //www.ipa.go.jp/security/vuln/CVSSv3.html
Plug-ins that can scan for the most dangerous vulnerabilities of CVE7.5 and above
[Free] WordPress:Malware Scanning & Security Plugin [Malware and Virus Detection and Removal].
What happens if a WordPress site program is vulnerable?
A vulnerability in a WordPress site’s core files, plugins, or theme program does not mean that the vulnerability will be immediately exploited and the site will be defaced.
The following conditions must be present for a hacker to exploit a vulnerability and modify the site’s files and databases
1 The vulnerability must be large enough to allow tampering.
2 The vulnerability can be exploited from outside the server with low privileges.
3 The WordPress site must be found by search engines or be accessible through a listing of some kind (the site must be discoverable).
4 The site must be vulnerable, or it must be possible to verify the existence of the file or send a query to check from the outside.
5 Other conditions (file write permission, database write permission, etc.) must be set up on the server side so that the vulnerability can actually be used to carry out unauthorized activities.
However, since WordPress is a system used in about 30% of websites, the denominator is overwhelmingly large, and with the advancement of search engines, techniques have been established to find sites with rare conditions among them, so even small sites cannot be considered safe . Therefore, even small sites cannot be considered safe.
Protecting Your Site from WordPress Vulnerability Attacks
We provide a lot of information on this site to protect your site from attacks that take advantage of WordPress vulnerabilities.
Here is a list of pages that you may find useful.
8 characteristics of sites that can be hacked by WordPress
Learn how hackers rewrite (alter) files on a WordPress site to increase security.
To prevent WordPress hacking, it is not enough to take only login-related security measures
How to check individual WordPress plugins for vulnerabilities
WordPress Security Improvement Plugin Vulnerabilities Edition
