MILLIONS OF WORDPRESS SITES ARE BEING ATTACKED WITH RECENT BUG | 2021 | WORDPRESS SECURITY



WHAT IS WORDPRESS?


WordPress is one of the most popular Content Management Systems (CMS) in the world. It was released in 2003 and is currently used by over 60 million websites.


WHAT IS VULNERABLE?


The most vulnerable part of WordPress is not its core but the additional components, which include themes and plugins.


COMMON WORDPRESS ATTACKS:-


Some of the most common cyber-attacks targeting WordPress-powered websites:


Brute-Force: the login forms (wp-admin/wp-login) are constantly abused, especially if your WordPress site discloses usernames through author names.

XML-RPC Exploitation: this module is enabled by default on WordPress and can be used to initiate brute-force, pingback, and denial-of-service attacks. High-risk vulnerabilities such as SQL Injection and Remote Code Execution have also been found in this module over the years.

Vulnerable Plugins & Themes: most custom components were developed without a secure-by-design approach, which has led to the discovery of many issues, such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, and Remote Code Execution (RCE).
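
The following Python example is added here and is not from the original post: it scans web-server access logs in Combined Log Format for bursts of POST requests to wp-login.php and xmlrpc.php, the two endpoints named in the list above. The threshold, time window, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Endpoints named in the list above; logins and XML-RPC calls arrive as POSTs.
WATCHED = {"/wp-login.php": "login", "/xmlrpc.php": "xmlrpc"}


def find_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag each client sending >= threshold POSTs to one endpoint within window."""
    recent = defaultdict(deque)  # (ip, endpoint) -> timestamps still in the window
    alerts = {}                  # (ip, endpoint) -> time the threshold was first hit
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        endpoint = WATCHED.get(m["path"].split("?", 1)[0])
        if endpoint is None:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], endpoint)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop requests older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(key, ts)
    return sorted((ip, ep, t.isoformat()) for (ip, ep), t in alerts.items())


def _line(ip, sec, method, path, status):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return (f'{ip} - - [10/Mar/2021:12:{sec // 60:02d}:{sec % 60:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')


# Constructed sample: two noisy clients, one slow legitimate user, one page view.
SAMPLE = (
    [_line("203.0.113.7", s * 2, "POST", "/wp-login.php", 200) for s in range(8)]
    + [_line("198.51.100.9", s * 3, "POST", "/xmlrpc.php", 200) for s in range(6)]
    + [_line("192.0.2.44", s * 90, "POST", "/wp-login.php", 302) for s in range(4)]
    + [_line("192.0.2.50", 5, "GET", "/wp-login.php", 200)])

if __name__ == "__main__":
    print(*find_bursts(SAMPLE), sep="\n")
```

Clients flagged this way are candidates for rate limiting or blocking at the web server or firewall; tune the threshold and window to the site's normal login volume.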



HOW TO TEST WORDPRESS DEPLOYMENT FOR VULNERABILITIES:- 


You can get the WPScan tool from its GitHub repository and run a security scan from the command line.


If you want a WordPress vulnerability scan that is a click away, even from your smartphone, you can use the PenTest-Tools Free WordPress Vulnerability Scanner, a cloud-based tool that will discover flaws in your application in minutes.


WHY DO WORDPRESS SITES GET HACKED:-


Quite often, outdated software has vulnerabilities. So when WordPress administrators use an outdated core, plugins, themes, and other software, they expose security holes for hackers to exploit.



HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS:-


Statistics show that out of the 80 million websites powered by WordPress, a large portion (70%+) are vulnerable to attacks.


If you think that your website is not part of the 70%, you are wrong. If you also think that nobody cares about your small business website or blog, you are wrong again.


When your website is hacked, a lot of bad things can happen besides damage to your website’s reputation. You can lose customers, traffic, money, and confidential information, not to mention the time, stress, and effort that it will take to clean your website and get it back to a normal state.
