WordPress.org

Ready to get started?Download WordPress

Forums

Why wordpress is so easy for hacking? (10 posts)

  1. technopolic
    Member
    Posted 1 year ago #

    Hello, I work in a hosting company and every day i see a lot of hacked accounts and inserted base64_decode( in it, ometimes even when they are with the lattest version of everythng and not instaleld a lot of templates and plugins. This is a big problem, because by these shell scripts there is a lot of spam and the ip addresses ae in blacklist after that and the customers can't send emails. Also it's awful everyday to clear user's accounts and loss our time in this.

    Can you tell me do you feel the same thing and is there a number of things that can help to stop these (also this post is mainly to the wordpress developers), because I thinks it's security holes in the application. Thank you in advance and best regards from Bulgaria!

  2. michael.mariart
    Member
    Posted 1 year ago #

    I haven't seen an injection attack like that so far that's gotten in through the WP core code. It's always been through a sloppy theme or plugin. WP has a very good record for security when it's sued by itself. When new code is added to it, that code doesn't always follow the same development processes, testing and public scrutiny that the core WP code does and because of this, issues happen. The best example of this is the TimThumb attacks that hit 1,000's of sites. This wasn't due to WP code, or even a bad theme/plugin, but a third-party script that had a security vunerability that was exploited to let hackers gain access to the sites file system.

    If you're continually getting hacked or having to clear out users, you need to go back and have a very careful look at what extras you are using on your site. I'm sure that there will be something in your sites theme or plugins that's either causing it, or allowing it to happen.

  3. technopolic
    Member
    Posted 1 year ago #

    Ok, in the most cases it's so, but how exactly the injection is going, do you know?

  4. michael.mariart
    Member
    Posted 1 year ago #

    It's always been through a sloppy theme or plugin

    That's about all there is to it. Hackers normally scan for known vunerabilities in websites and exploit what they can find. There's no one way to get in - there's 1,000's. Which one they use depends on the site, how it's set up, what version is in use, what theme is used, what plugins are used, what forms are available, etc, etc, etc... It's impossible to list everything here because there's just so many ways that these things can be done.

  5. technopolic
    Member
    Posted 1 year ago #

    Yes, I know that and maybe I didn't asked my question correctly. How do you think that the scan is made - automatically or by using some tools?

  6. michael.mariart
    Member
    Posted 1 year ago #

    Most times it's done automatically using hacking software. Hackers don't spend their time sitting down to work out just how to get into your site (unless your site is very big, or very public). There's a huge range of programs out there that you can download that can do all sort of things to try and break into WordPress as well as a range of other CMS systems. Which is why you always need to kep your site updated to the latest version so the knwon vunerbilities are fixed up.

  7. bcworkz
    Member
    Posted 1 year ago #

    I've also noticed in my access logs a lot of brute force attempts to login as admin. I use strong passwords and don't have an user named admin, so the attempts are laughable.

    I imagine there are users who use the default installation and select a weak password who will eventually fall victim to this kind of attack, so this should be considered another possibly successful attack vector.

    This is no fault of WordPress other than it's popularity. The blame falls squarely on the user for this one.

  8. webvitaly
    Member
    Posted 1 year ago #

    hackers very often try to brute-force 'admin' username;
    it is sad, but this username exist on the most part of WordPress sites with administrator credentials;

  9. MickeyRoush
    Member
    Posted 1 year ago #

    @ technopolic

    If you work at a hosting company, they should already be aware of the basics of hacking.

  10. gcaleval
    Member
    Posted 1 year ago #

    +1 MickeyRoush

    If the hosting environment is such that user accounts are "being cleared every day" the problem, aside from not being about WordPress, may be about the hosting environment itself.

    @technopolic you may find this thread informative:

    http://wordpress.org/support/topic/hacked-by-hacker-1?replies=47

Topic Closed

This topic has been closed to new replies.

About this Topic