WordPress Common Attacks - ClickIT

WordPress Common Attacks

HOW TO KNOW WHEN I'M INFECTED, PREVENT YOUR WORDPRESS FROM BEING HACKED

 

It's very known that today most attacks aren’t so obvious. Most hacks today result in websites becoming infected and then spreading that infection to unaware users and possibly even other servers. It can take quite a bit of time to clean up a mess that may have been there long before you discovered it.

How can a person or organization know when their website has been compromised before it gets out of control? More importantly, how can that same person or organization know their website has been compromised before their customers find it themselves? Actually it really isn’t hard to find a hack.

Here are 5 signs you can watch for to make sure your site hasn’t become a victim.

1) Multiple SiteCheckers

These online site checkers will scan your site and tell you if there is a problem, here is a variety of SiteCheckers that can help you to know if your WordPress is compromised:

  • Hacktarget's WordPress Security Scan https://hackertarget.com/wordpress-security-scan/

Online WordPress Security Scanner to test vulnerabilities of a WordPress installation. Checks include application security, WordPress plugins, hosting environment and web server.

  • Gamasec's Malware Detection https://www.gamasec.com/gsf/AntiMalware.aspx
    This remote website Malware detection scanner investigates URLs in order to detect suspicious scripts, malicious media and any other web security threats hidden into legitimate content and located on your web sites.
  • Webcheck.me Website Scanner https://webcheck.me
    This tool allows you to check your website against many known problems like misconfiguration or malware (and many more).

2) Better WP Security

Better WP Security can also help determine a problem by looking for changes to files on your site. It can look for added, removed or modified files and report back to you via email. As nearly all hacks involve inserting code into WordPress files this can be a good indication that someone has gotten into your site and done something they shouldn’t have.

3.) Google Webmaster Tools

Google Webmaster Tool is one of the best tool for webmaster which you can get for free, and if you have not yet submitted your Website in GWT, you are missing out vital information regarding your website. Google Webmaster Tool can get the data, tools and diagnose for a healthy site, with this tool you can check your WordPress for potential issues that Google has detected.
If Google has detected malware on your WordPress, you or your visitors might see a warning saying "This site may harm your computer." or "The Website Ahead Contains Malware." If you've been blacklisted by Google, one of your best sources for help is Google Webmaster Tools.
Google will watch your site for problems when it scans and report any problems back to you in GWT.

 

gwt

4.) Unusual Activity

Another major indicator your site has been hacked is unusual activity often in the form of a traffic spike or unusual amounts of spam. For example, if you have an old post that suddenly becomes popular for no apparent reason you might have a problem.
Along these same lines you should watch for visitors from unusual parts of the world, and watch for extra comments or anything else that can't be easily explained.

5) Look at the files

PHP files in your theme, the .htaccess file and extra files in your WordPress home directory are all common places you will find hacked code on a WordPress or other site.
What you’re looking for here, in the case of PHP files, is “hidden” or complicated code. Scan your entire file structure for “base64” or look at the ends of your PHP files. If there is anything you don’t recognize it could very well be something bad. In the case of .htaccess look for redirect rules to domains you’re not familiar with, or other blocks of code that make no sense.

Looking through the files manually is tedious and boring but it is, without a doubt, the most effective means of finding an attack as you are exposing an attack directly.

Figuring out that you have a problem might not always be obvious. Most attacks these days will center on .htaccess or a PHP file and will use the infected site to attack its users. Services such as ScanVerify combined with plugins like Better WP Security can help you find the infected files quickly and easily so that, when something does go wrong, you’re back in business as soon as possible.

COMMON WORDPRESS ATTACKS

Thousands of malware types and infections are active on the Internet; fortunately, not all apply to WordPress. We’ll look at four of the most common attacks on WordPress users:

  • Backdoors

A backdoor lets an attacker gain access to your environment via -what you would consider to be abnormal methods- FTP, SFTP, WP-ADMIN, etc. Backdoors are exceptionally dangerous, the most dangerous can cause serious damage on your server; commonly these attack often happens because of out-of-date software or security holes in code.
Like most infections, this one can be encoded or encrypted, however, it’s not always as simple as looking for encrypted code; there are several instances in which it looks like legitimate code.
Backdoors come in all different sizes. In some cases, a backdoor is as simple as a file name being changed, in other cases, the code is embedded in a seemingly benign file.

  • Drive-by Downloads

 

The point of a drive-by download is often to download a payload onto your user’s local machine, one of the most common payloads informs the user that their website has been infected and that they need to install an anti-virus product.
There are a number of ways this attack can get in, the most common causes are Out of date software, compromised credentials (wp-admin, FTP) and SQL injection. These kind of attacks have been functioning as conditional malware, this means that they are designed with rules that have to be met before the infection presents itself. Using a scanner such as SiteCheck to see whether you are infected is possible. Scanners are pretty good at picking up link injections.

drive-by-down

  • Pharma Hack

Pharma hack is one of the most prevalent infections around. It should not be confused with malware; it’s actually categorized as SPAM. Like most SPAM-type infections, pharma hack is largely about controlling traffic. SPAM injections can be identified by navigating your website, looking at your ads, links, posts and pages, but, the most effective method of detection is by enabling some type of auditing or file monitoring on your WordPress website, in order to see when new files have been added or when changes have been made.
REMEMBER: If you’re found to be distributing SPAM, you run the risk of being flagged by Google with the following alert: This site may be compromised!!

pharma1

  • Malicious redirects

 

A malicious redirect sends a user to a malicious website. When a visitor is redirected to a website other than the main one, the website may or may not contain a malicious payload. The malicious redirect could be generated by a backdoor; the hacker would scan for a vulnerability and, when they find it, upload a payload that functions as a backdoor.
Detecting a redirect is not as complex as detecting some of the other infections, it is often found in your .htaccess file or in your PHP files (header.php, footer.php or index.php, etc.) as an encoded redirect. There are a few ways to check for infections like using a free scanner, such as gtmetrix or to listen to your users. You might not detect the redirect, but sometimes a user will alert you to it.

htaccess

WordPress is the most popular blogging and Content Management System (CMS) in the world. If you are running a website that uses WordPress, the above suggestions of how to protect it, prevent it and/or how to detect the malware on your WordPress will help you to avoid your site being compromised or in the worst case scenario, a down time.

Before you think about securing your site, you should start from the ground up and that means making sure that your hosting server is secure in the first place, remember to install legit plugins and themes and always maintain all your installations up-to-date.

ClickIT provides superlative Security Solutions to protect you from Hackers and Malware. We are expert at Security and Optimization. If you need any WordPress solution clic in the Contact Us below".

Looking for a professional team to bring your project to life?

We can help you!

Tagged under: