What is an attack vector?
An attack vector is a path or means by which a hacker gains access to your server or WordPress (or both) to execute a malicious payload. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.
Why the WordPress attack vector is so appealing to hackers?
WordPress is used by 58.7% of all the websites whose content management system we know. Heimdal Security’s report states that WordPress represents 24.3% of all websites, that means 142 million websites are currently at risk.
How are they attacking your WordPress?
There are two stages of an attack on any WordPress. The first is reconnaissance, where the bot or human attacker is gathering information about your WordPress. The second is exploitation, where the gathered information is used to gain access to the WordPress.
What happens with your WordPress, once is hacked?
You send spam: Hackers run scripts on your website, that bulk emails their targets once they control your site, sending spam email. This affects your SEO ranking, your own mails go to junk, consumes valuable resources from the server. Sends daily hundreds of unwanted emails for everybody – and you’re paying for it.
You host malicious content: Hackers use your site to host illegal content like pornography, drug sales or other spam/scam content. Hosting these contents on your domain helps them avoid en ligne filters. This affects your SEO ranking, your domain reputation, consumes valuable resources from the server.
They steal your private data: Stealing personal information of your website members, like email addresses, purchase logs, credit card info, etc. There are rarely visible, and most of the time you are a victim several times until somebody notices these fraudulent activities.
They attack other websites: Once your WordPress is compromised, the hackers use your site to run bot attack scripts that hack into other WordPress websites. Your website at this point is an active part of a cluster of machines called a ‘botnet’ which is a large group of machines used for malicious activity.