Never let your WP become an attack vector

February 9, 2017

What is an attack vector?
An attack vector is a path or means by which a hacker gains access to your server or WordPress (or both) to execute a malicious payload. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.

Why the WordPress attack vector is so appealing to hackers?
WordPress is used by 58.7% of all the websites whose content system we know. Heimdal ’s report states that WordPress represents 24.3% of all websites, that means 142 million websites are currently at risk.

How are they attacking your WordPress?
There are two stages of an attack on any WordPress. The first is reconnaissance, where the bot or human attacker is gathering information about your WordPress. The second is exploitation, where the gathered information is used to gain access to the WordPress.

John Lilly

Our only is our ability to change.

What happens with your WordPress, once is hacked?

You send spam: Hackers run scripts on your website, that bulk emails their targets once they control your site, sending spam email. This affects your SEO ranking, your own mails go to junk, consumes valuable resources from the server. Sends daily hundreds of unwanted emails for everybody - and you're paying for it.

You host malicious content: Hackers use your site to host illegal content like pornography, drug sales or other spam/scam content. Hosting these contents on your domain helps them avoid online filters. This affects your SEO ranking, your domain reputation, consumes valuable resources from the server.

They steal your private data: Stealing personal information of your website members, like email addresses, purchase logs, credit card info, etc. There are rarely visible, and most of the time you are a victim several times until somebody notices these fraudulent activities.

They attack other websites: Once your WordPress is compromised, the hackers use your site to run bot attack scripts that hack into other WordPress websites. Your website at this point is an active part of a cluster of machines called a ‘botnet’ which is a large group of machines used for malicious activity.

Jodi Rell

At the end of the day, the goals are simple: safety and .

Identified as New WP under 30 min

Identified as New WP under 30 min

Aug 03 2017

Your freshly installed, brand new WP is discovered faster than you imagine. Amazingly, even before you are informed. Find out how in…

Unable to receive WP emails

Unable to receive WP emails

Aug 02 2017

If you are unable to receive WordPress emails, then there is a chance that your server is hacked to send spam emails…

WP Security: plugin vulnerabilities July

WP Security: plugin vulnerabilities July

Aug 01 2017

For your , be informed about the latest vulnerabilities in WP plugins: WP Statistics SQL injection reported by Sucuri. Exploit allows…

Unable to Login into WordPress

Unable to Login into WordPress

Jul 31 2017

If you are unable to login to your WordPress site, then there is a chance that hackers may have compromised your admin…

Sudden Drop in Website Traffic

Sudden Drop in Website Traffic

Jul 28 2017

If you look at your analytic reports and see a sudden and constantly dropping trend in your website traffic, then it could…

Easy-peasy WordPress Hacking

Easy-peasy WordPress Hacking

Jul 27 2017

Back in 2013, a web publishing company, Interconnect/IT, released a handy tool for finding and replacing text in a website’s database. This…

No comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Never let your WP become an attack vector

time to read: 2 min
0