Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

WordPress Common Attacks

96 views

Published on

There are many ways to hack a WordPress Site, here we present the common attacks so you can prevent your website from being hacked. If it's too late you can get in touch with us!

Published in: Technology
  • Be the first to comment

  • Be the first to like this

WordPress Common Attacks

  1. 1. W O R D P R E S S C O M M O N A T T A C K S Prevent your WordPress Website from being hacked
  2. 2. DETECT MALWARE AND INFECTIONS Thousands of malware types and infections are active on the Internet; fortunately, not all apply to WordPress. We’ll look at four of the most common attacks on WordPress users:
  3. 3. BACKDOORS A backdoor lets an attacker gain access to your environment via -what you would consider being abnormal methods- FTP, SFTP, WP-ADMIN, etc. Backdoors are exceptionally dangerous, the most dangerous can cause serious damage on your server; commonly these attack often happens because of out-of-date software or security holes in the code. Like most infections, this one can be encoded or encrypted, however, it’s not always as simple as looking for the encrypted code; there are several instances in which it looks like legitimate code. Backdoors come in all different sizes. In some cases, a backdoor is as simple as a file name being changed, in other cases, the code is embedded in a seemingly benign file 01
  4. 4. DRIVE-BY DOWNLOADS The point of a drive-by download is often to download a payload onto your user’s local machine, one of the most common payloads informs the user that their website has been infected and that they need to install an anti-virus product. There are a number of ways this attack can get in, the most common causes are Out of date software, compromised credentials (wp-admin, FTP) and SQL injection. This kind of attacks have been functioning as conditional malware, this means that they are designed with rules that have to be met before the infection presents itself. Using a scanner such as SiteCheck to see whether you are infected is possible. Scanners are pretty good at picking up link injections. 02
  5. 5. PHARMA HACK Pharma hack is one of the most prevalent infections around. It should not be confused with malware; it’s actually categorized as SPAM. Like most SPAM-type infections, pharma hack is largely about controlling traffic. SPAM injections can be identified by navigating your website, looking at your ads, links, posts and pages, but, the most effective method of detection is by enabling some type of auditing or file monitoring on your WordPress website, in order to see when new files have been added or when changes have been made. REMEMBER: If you’re found to be distributing SPAM, you run the risk of being flagged by Google with the following alert: This site may be compromised! 03
  6. 6. MALICIOUS REDIRECTS A malicious redirect sends a user to a malicious website. When a visitor is redirected to a website other than the main one, the website may or may not contain a malicious payload. The malicious redirect could be generated by a backdoor; the hacker would scan for a vulnerability and, when they find it, upload a payload that functions as a backdoor. Detecting a redirect is not as complex as detecting some of the other infections, it is often found in your .htaccess file or in your PHP files (header.php, footer.php or index.php, etc.) as an encoded redirect. There are a few ways to check for infections like using a free scanner, such as gtmetrix or to listen to your users. You might not detect the redirect, but sometimes a user will alert you to it. 04
  7. 7. NEED MORE? Or if you need help from our professional team, contact us! Article Source: https://www.clickittech.com/wordpress/wordpress- common-attacks 5 Signs of WordPress Attacks ClickIT Smart Technologies Tips for WordPress Security Run an Intrusion Audit WordPress Optimization

×