A content management system as successful as WordPress inevitably becomes a major target for attackers. Compromising and exploiting a WordPress site is an easy task if it contains security holes, and the themes, plugins, shortcodes and other components you use all keep your site at some risk. With that in mind, WordPress security is something to consider not once or twice, but for as long as you use the platform.

Introduction

Limited technical knowledge can hurt your website, but neglecting the basics of maintaining your WordPress site's security can be just as damaging. Take running an older version of WordPress, meaning you still have not updated your site to the latest release: the result is simple, you are leaving room for your site to become vulnerable. The remedy is just as simple: as soon as a new version of WordPress is released, update your site. This is not something to skip at any cost.

An outdated core version is not the only problem; vulnerabilities in plugins and themes are another. At the time of writing, the WordPress repository holds 25,707 plugins, downloaded a combined 479,467,264 times and still counting. The plugins vary in quality: some are updated regularly, some definitely contain loopholes and some are simply outdated. To avoid being the next victim, do not use themes and plugins that are out of date or show poor credential management, poor system administration, corner-cutting or poor support.

Evolution

Wondering how all this happened? The answer is simple: as the internet has evolved, so have the ways of attacking it. Earlier, breaking into a site was a job of a few steps; now, with the advance of technology, attackers work round the clock, studying code and finding new and better ways to take your site down and break its code.

With the rise of malnets, compromised sites are used for anything and everything, including DDoS attacks, spam distribution, fake antivirus, identity theft and more. It is a never-ending cycle, as attackers have automated themselves and their attacks for maximum exposure. And with the ever-increasing use of malware automation, attackers can focus primarily on gaining access to the environment.

Common WordPress Malware

As on any other computing platform, hundreds of malware types are active on the web, but luckily not all of them target WordPress. The most common WordPress malware types are backdoors, drive-by downloads and malicious redirects.

Backdoors

Backdoors first surfaced when multiuser and networked operating systems became widely adopted. A backdoor is a method of bypassing regular authentication, giving attackers access to your environment: illicit remote access to a computer, access to plaintext and so on. In the case of WordPress, it gives attackers access via FTP, SFTP, WP-Admin and so on. Backdoors are very dangerous and can wreak havoc on your server.

Backdoor attacks often happen because of out-of-date software or security holes in code. Attackers know the vulnerability well and use it to upload their own piece of code into the site, which then functions as a backdoor. To find out in time whether your site has fallen victim to a backdoor, search your site for unexpected files. In some cases the file is named wtf.php, wphap.php, php5.php, data.php, 1.php or p.php.

Prevention is as simple as it sounds: block IPs that look suspicious, limit access by default, add two-factor authentication and block PHP execution. Once that is done, all that remains is to clean out the malicious code already on your site: delete the file or code and you are done.

One backdoor commonly found on many WordPress sites is typically placed in the file wp-config.php. Another very common backdoor script is known as "FilesMan."

Drive-By-Downloads

As the name suggests, a drive-by download spreads malicious code through something the user downloads. The term covers two things, each concerning the unintended download of software from the Internet. The first is a download the person authorised without knowing what they were actually downloading. The second is any download that happens without the person's knowledge, often a virus, spyware, malware or crimeware.

Out-of-date software, compromised credentials (including WP-Admin and FTP) and SQL injection all play an important role in spreading drive-by-download malware. To check whether you are infected, use a scanner such as SiteCheck or Google Webmaster Tools. Both are free services and can give you the information you are looking for. Beyond that, identifying an infection by hand can be difficult, as it all depends on the infection's complexity.

To find out for yourself whether your site is a victim, look for the following link injections. These are the common locations, although there are many more: wp-blog-header.php (core file), index.php (core file), index.php (theme file), functions.php (theme file), header.php (theme file) and footer.php (theme file). Cleaning up the malware is not easy, as it depends entirely on how technically skilled you are. Once you know where the infection is, you have to clean it out completely.
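The two file-based checks described above, searching for dropped backdoor files by name and looking for injected content in the core and theme files just listed, can be scripted. The scanner below is an added example written for this page, not code from the original article or from any of the tools it mentions. It walks a WordPress directory and reports: files with the names the article lists, PHP files under wp-content/uploads (which should only hold media), and content markers typical of backdoors (eval of a decoded payload, the "FilesMan" string) or of drive-by injections (zero-size or hidden iframes, obfuscated JavaScript). The marker regexes and the `build_sample_site()` tree it scans are constructed for the example; the planted files contain harmless placeholder text, not real malware.

```python
import os
import re
import shutil
import tempfile

# Backdoor file names the article lists as seen on compromised sites.
SUSPICIOUS_NAMES = {"wtf.php", "wphap.php", "php5.php", "data.php", "1.php", "p.php"}

# Core and theme files the article names as common injection points.
INJECTION_TARGETS = {"wp-blog-header.php", "index.php", "functions.php", "header.php", "footer.php"}

# File types whose contents are worth inspecting.
TEXT_SUFFIXES = (".php", ".phtml", ".php5", ".html", ".htm", ".js")

# Content markers (assumed heuristics for this example). The first two are typical of
# PHP backdoors ("FilesMan" is the name the article gives a widespread backdoor script),
# the last two of drive-by-download injections in HTML/PHP output.
MARKERS = [
    (re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
     "eval of decoded payload"),
    (re.compile(r"FilesMan"), "FilesMan backdoor string"),
    (re.compile(r"<iframe[^>]*(width\s*=\s*['\"]?0\b|height\s*=\s*['\"]?0\b|display\s*:\s*none)", re.I),
     "hidden iframe"),
    (re.compile(r"(document\.write|eval)\s*\(\s*(unescape|String\.fromCharCode)\s*\(", re.I),
     "obfuscated JavaScript"),
]


def scan_wordpress(root):
    """Walk a WordPress install and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name in SUSPICIOUS_NAMES:
                findings.append((rel, "suspicious backdoor file name"))
            # Uploads hold media; a PHP file there is almost always dropped by an attacker.
            if rel.startswith("wp-content/uploads/") and name.lower().endswith((".php", ".phtml", ".php5")):
                findings.append((rel, "PHP file under uploads"))
            if not name.lower().endswith(TEXT_SUFFIXES):
                continue
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            # Mark hits in the article's commonly injected files so they are reviewed first.
            suffix = " in commonly injected file" if name in INJECTION_TARGETS else ""
            for pattern, reason in MARKERS:
                if pattern.search(text):
                    findings.append((rel, reason + suffix))
    return sorted(findings)


def build_sample_site():
    """Create a constructed, throwaway WordPress-like tree with planted test files.

    The planted content is harmless placeholder text chosen to trip the markers;
    it is not real malware. Returns the temporary root directory."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    files = {
        "wp-blog-header.php": "<?php\nrequire_once __DIR__ . '/wp-load.php';\n",
        "wp-content/plugins/demo/demo.php": "<?php function demo() { return 1; } // clean plugin\n",
        "wp-content/themes/demo/footer.php":
            '</body>\n<iframe src="http://example.invalid/x" width="0" height="0"></iframe>\n</html>\n',
        "wp-content/uploads/2013/p.php": "<?php echo 'placeholder'; // constructed test file\n",
        "wp-includes/class-demo.php": "<?php eval(base64_decode('aGVsbG8=')); // constructed marker line\n",
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    site = build_sample_site()
    try:
        for rel, reason in scan_wordpress(site):
            print(f"{reason:45s} {rel}")
    finally:
        shutil.rmtree(site)
```

Run it against a real install as `scan_wordpress("/path/to/wordpress")`. Every hit is a lead for manual review, not proof of compromise: legitimate plugins occasionally decode bundled data, so compare a flagged file against a clean copy of the same plugin or theme version before deleting it, as the article advises when it says cleanup depends on knowing exactly where the infection is.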

An example of a drive-by-download injection (image). Source: Armorize Malware Blog

Redirection

Redirection is an interesting type of malware to understand, and probably a very common one. Redirection is the practice of subverting the resolution of Domain Name System queries; in simple words, a malicious redirect sends a user to a malicious website. Whenever a visitor is redirected to a website other than the intended one, that website may or may not contain malicious code. The modification is performed for malicious purposes such as phishing, redirecting traffic or collecting statistics.

A malicious redirect can be planted via a backdoor: the attacker scans for a vulnerability, such as an older version of WordPress the site is still running. To detect whether your site is a victim, check your site's .htaccess file, as that is the most common place to find the infection. Using a free scanner such as SiteCheck and testing the site as a bot versus a browser will help you identify more easily whether your site has been victimized.

Cleaning up malicious redirects is simple: open your .htaccess file, note the rewrite rules you added yourself, then identify any malicious code and remove it. Also make sure you check the .htaccess file completely, down to the bottom, for anything out of place. Once done, to stop it from happening again, change the ownership of the file or reduce its permissions so that no one except the site owner can modify it.
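The .htaccess review described above, separating the owner's own rewrite rules from injected redirects and then tightening the file's permissions, can be put into a small audit script. The following is an added example written for this page, not code from the original article. It flags any RewriteRule or Redirect directive that sends visitors to a host other than the site's own, and marks it "conditional" when a preceding RewriteCond keys on a search-engine referrer or crawler user agent (the cloaked redirect that explains why the article recommends testing as a bot versus a browser: the owner, typing the address directly, never sees it). Rules inside the standard `# BEGIN WordPress` block are treated as expected. The `SAMPLE_HTACCESS` text and the host names in it are constructed for the example, and the referrer/user-agent keyword list is an assumed heuristic.

```python
import os
import re
import stat
import tempfile
from urllib.parse import urlparse

# Markers of the standard WordPress rewrite block; rules inside it are expected.
WP_BLOCK_START = "# BEGIN WordPress"
WP_BLOCK_END = "# END WordPress"

# Conditions that injected redirects typically key on so the owner never sees them
# (assumed keyword list): search-engine referrers and crawler user agents.
SUSPICIOUS_COND = re.compile(
    r"RewriteCond\s+%\{(HTTP_REFERER|HTTP_USER_AGENT)\}\s+\S*(google|bing|yahoo|msn|aol|ask|bot|crawl)",
    re.I,
)
# RewriteRule <pattern> <target> [flags]; an absolute-URL target is an external redirect.
REWRITE_RULE = re.compile(r"RewriteRule\s+\S+\s+(\S+)", re.I)
# Redirect / RedirectMatch / RedirectPermanent / RedirectTemp [status] <path> <target>
REDIRECT_DIRECTIVE = re.compile(
    r"Redirect(?:Match|Permanent|Temp)?\s+(?:(?:\d{3}|permanent|temp|seeother|gone)\s+)?\S+\s+(\S+)", re.I
)

# Constructed sample: the stock WordPress block, one legitimate owner rule, two injected redirects.
SAMPLE_HTACCESS = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

# Owner's rule: canonical www host (legitimate, same site)
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

# Injected: only visitors arriving from a search engine are sent away
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.* [NC]
RewriteRule ^(.*)$ http://redirect.example.invalid/go.php?q=$1 [R=302,L]

# Injected: blanket redirect of one path
Redirect 301 /feed http://other.example.invalid/feed
"""


def _host_of(target):
    """Hostname of an absolute http(s) target with a leading 'www.' dropped, else None."""
    if not target.lower().startswith(("http://", "https://")):
        return None
    host = (urlparse(target).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def audit_htaccess(text, site_host):
    """Return (line_number, line, reason) for directives that redirect visitors off the site."""
    own = _host_of("http://" + site_host)
    findings = []
    in_wp_block = False
    pending_cond = False  # a suspicious RewriteCond applies to the directive that follows it
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == WP_BLOCK_START:
            in_wp_block = True
            continue
        if line == WP_BLOCK_END:
            in_wp_block = False
            continue
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("rewritecond"):
            if SUSPICIOUS_COND.match(line):
                pending_cond = True
            continue
        m = REWRITE_RULE.match(line) or REDIRECT_DIRECTIVE.match(line)
        host = _host_of(m.group(1)) if m else None
        if host and host != own and (pending_cond or not in_wp_block):
            kind = "conditional" if pending_cond else "unconditional"
            findings.append((lineno, line, f"{kind} redirect to external host {host}"))
        pending_cond = False  # conditions never carry past the next directive
    return findings


def group_or_world_writable(path):
    """True when group or others may write the file, which lets non-owners re-inject rules."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def permission_demo():
    """Apply the hardening step to a throwaway copy: writable by all, then owner read-only."""
    fd, path = tempfile.mkstemp(suffix=".htaccess")
    os.close(fd)
    try:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_HTACCESS)
        os.chmod(path, 0o666)
        before = group_or_world_writable(path)
        os.chmod(path, 0o444)  # the web server only needs to read it
        after = group_or_world_writable(path)
    finally:
        os.chmod(path, 0o600)
        os.remove(path)
    return before, after


if __name__ == "__main__":
    for lineno, line, reason in audit_htaccess(SAMPLE_HTACCESS, "example.com"):
        print(f"line {lineno}: {reason}\n    {line}")
    print("group/world writable before, after hardening:", permission_demo())
```

The owner's own redirect on line 14 is not reported because it targets the site's own host, while the two injected directives are. Read the whole output rather than stopping at the first hit: as the article notes, injected rules are often appended at the very bottom of the file.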

An example of a malicious redirect (image). Source: Aw-snap.info

Resources

Sucuri Security: Sucuri SiteCheck checks for malware, spam, blacklisting and other security issues such as .htaccess redirects and hidden eval code.

Limit Login Attempts: By default WordPress allows unlimited login attempts, either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-forced with relative ease. The Limit Login Attempts plugin blocks an Internet address from making further attempts once a specified number of retries is reached, making a brute-force attack difficult or impossible.

Duo Two-Factor Authentication: Duo Security provides two-factor authentication as a service to protect against account takeover and data theft. With the Duo plugin you can add Duo two-factor authentication to your WordPress website in just a few minutes.

Theme-Check: The Theme Check plugin is an easy way to test your theme and make sure it meets the latest theme review standards. It runs the same automated tests on your theme that WordPress.org uses for theme submissions.

Plugin-Check: Plugin-Check runs most of the checks that Theme-Check uses against all your plugins. It is a simple tool to test all installed plugins using the tests provided by Theme-Check.

Sucuri SiteCheck

Unmask Parasites scanner

Badware Busters

WPsecure
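The Limit Login Attempts entry above describes a retry limit per client address. The script below, an added example for this page and not the plugin's code, shows the same idea applied to a web server access log so that a brute-force run against wp-login.php can be spotted after the fact and the lockout logic can be seen working. It assumes typical WordPress behaviour (a failed login POST re-renders the form with HTTP 200, a successful one redirects with 302) and uses assumed thresholds (4 failures within 20 minutes trigger a 20-minute lockout), not the plugin's actual settings. The log lines in `SAMPLE_LOG` are constructed in the common Apache/nginx "combined" format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log format, the shape most WordPress hosts write.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one address hammering the login form, one real user who
# fails once and then logs in (302 redirect to wp-admin).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2013:13:55:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2013:13:55:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2450 "http://blog.example/wp-login.php" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2013:13:55:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2450 "http://blog.example/wp-login.php" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2013:13:55:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2450 "http://blog.example/wp-login.php" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2013:13:55:06 +0000] "POST /wp-login.php HTTP/1.1" 200 2450 "http://blog.example/wp-login.php" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2013:13:55:07 +0000] "POST /wp-login.php HTTP/1.1" 200 2450 "http://blog.example/wp-login.php" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2013:14:02:10 +0000] "POST /wp-login.php HTTP/1.1" 200 2450 "http://blog.example/wp-login.php" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2013:14:02:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://blog.example/wp-login.php" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2013:14:02:41 +0000] "GET /wp-admin/ HTTP/1.1" 200 18200 "http://blog.example/wp-login.php" "Mozilla/5.0"
"""


def summarize_logins(lines, max_retries=4, window=timedelta(minutes=20)):
    """Replay wp-login.php POSTs and apply a per-address retry limit.

    Assumption (typical WordPress behaviour): a failed login re-renders the form
    with HTTP 200, a successful one redirects with 302. After `max_retries`
    failures inside `window` the address is locked out for `window`; attempts
    during a lockout count as blocked, not as new failures, and a successful
    login resets the failure counter. Thresholds are assumptions for the example.
    Returns {ip: {"failed": n, "blocked": n, "lockouts": [datetime, ...]}}.
    """
    recent = defaultdict(deque)  # timestamps of recent failures per address
    locked_until = {}
    summary = defaultdict(lambda: {"failed": 0, "blocked": 0, "lockouts": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        entry = summary[ip]
        if ip in locked_until and ts < locked_until[ip]:
            entry["blocked"] += 1  # the plugin would refuse this before checking the password
            continue
        if m["status"] != "200":
            recent[ip].clear()  # successful login (302) resets the counter
            continue
        entry["failed"] += 1
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop failures older than the window
        if len(q) >= max_retries:
            entry["lockouts"].append(ts)
            locked_until[ip] = ts + window
            q.clear()
    return dict(summary)


if __name__ == "__main__":
    for ip, s in summarize_logins(SAMPLE_LOG.splitlines()).items():
        print(f"{ip:16s} failed={s['failed']} blocked={s['blocked']} lockouts={len(s['lockouts'])}")
```

The output separates the scripted run from 203.0.113.7 (locked out after the fourth failure, fifth attempt blocked) from the ordinary user at 198.51.100.23 who mistyped once. Against a real log, an address with repeated lockouts is a candidate for the IP blocking the article recommends in the backdoor section, and a rising count of distinct addresses each failing a few times is the pattern a retry limit alone will not stop, which is where the two-factor plugin listed above comes in.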

Photo Credit: odysseygate, Sophos D/A/CH Presseinfo via photopin cc