In this first article digging into WordPress security, we look at WHY someone might want to hack into your WordPress site. You may think that because you’re not running an e-commerce store, or have financial transactions that your website is not a risk to hackers. This is a false assumption.
In fact would you’d be surprised if I told you that someone/something is trying to get into your WordPress site right now? There are bots out there specifically written to try and access the /wp-login.php page with known combinations of usernames and passwords.
WordPress runs over 25% of the worlds websites, so it attracts the hackers needless to say.
There are a number of reasons a hacker might want to get their hands on your website. Some do it for fun, but the majority of hackers have some financial driving factor.
We’ve listed the main reasons below and we’ll dig into each one in more details.
- Deface site / Take Offline
- Send spam
- SEO spam
- Malicious redirect
- Host a phishing page
- Distribute malware
- Steal user data
- Attack Site
Often for political gain will a group of hackers target high volume sites to get the propaganda message out to the masses. It’s effectively free advertising to a large audience.
Ironically, often the end result is that they take your site down by mistake!
It is understood that over 50% of all email sent on the internet is spam email.
They benefit from your free resources (server CPU processing) & from the fact their email is being sent from your domain often unbeknown to you, so it’s not picked up by the spam watchdog services like Spamhaus.org.
Because email is really fast to send, the hacker has probably already send hundreds, if not thousands of emails, and has unfortunately reached a number of people who’ve then bought whatever product they were spruiking.
If you run Google Analytics you’ve probably already seen this spam.
Spam bots crawl hundreds and thousands of websites every day and send out HTTP requests to the websites with fake referrer headers (to avoid being detected as bots).
The fake referrer header contains the website URL which the spammer wants to promote and/or build back links to.
When your website receives an HTTP request from a spam bot with a fake referrer header, it is immediately recorded in your server log. If your server log happens to be publicly accessible i.e. it can be crawled and indexed by Google, then Google treat the referrer value in your server log as a backlink thus influencing the search engine ranking of the website being promoted by spammers.
If you have a high volume traffic website a hacker may well target your site to redirect traffic to one of their sites. The benefit to the hacker is that they don’t have to rely on visitors physically clicking on links, they are automatically redirected to their website.
Often to ensure being undetected (for at least some time), the hacker will only redirect some URL requests or only specific browsers or device types.
Host a Phishing Page
I’m sure we’ve all seen at least one Phishing attempt, where you receive an email suggesting your Paypal account is suspended and you should click the link to access your account. The hackers set up a page that looks identical to the PayPal page, but when you try logging in, it records your username/password so they can access your actual account.
That page that looks like the PayPal page isn’t hosted on the hackers server because it would be traced back to them. They set those pages up on the server your website is hosted on, after they hacked
Similar to the Phishing example, hackers don’t want to store virus’ on their own servers, so they look for unsuspecting websites and servers to store them on.
Google sometimes scan websites as they crawl, and if they detect your server is hosting malware, they’ll block it to the end visitor, losing your audience trust. Your SEO ranking could also be impacted by this.
Steal User Data
Even if you’re not running a high volume e-commerce site, hackers will still try to gain access to your site for your username and password. Chances are you use the same username and password for PayPal, or eBay, etc. They’ll harvest that combination into their master username/password database for later use, in the hope it will be useful.
Proxy Attack Site
If the hacker is wanting to attack another high profile site, perhaps to flood it with requests in the hope it brings the site down, they’ll look for a distributed network of servers to do this from. Your website could be used as just one of those servers.
Hackers are actively looking for sites that they can attack and take control over in exchange for money – effectively taking it ransom. This is found more regularly in the corporate world than blogs, but it still is a risk.
In the next article we look at how a WordPress website actually gets hacked and how the hackers “break-in”.