WordPress security is of substantial importance to every website owner. In a world where data is more valuable than oil, securing your business’s sensitive data should be considered a number one priority, irrespective of which business or industry you are in. If you still think your data is safe on the Internet, have a look at the following statistics. Remember, the numbers don’t lie.
- Google blacklists 10,000+ websites every day for malware infections and 50,000+ for phishing every week.
- 43% of all cyber attacks target small to medium businesses.
- Of those attacked, only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
- 60% of small companies go out of business within 6 months of a cyber attack.
So, before we look at the importance of WordPress security, it is worth understanding the types of attackers out there and the motives behind their attacks. Let’s look briefly into WHO we are up against, and WHY they do what they do.
The WHO – Main Types of Hackers
- White-hat Hackers
- Black-hat Hackers
Just like an activist who disrupts the system to bring the public’s attention to a social problem, a ‘Hacktivist’ hacks websites with the goal of bringing awareness to an issue. Most of the time, hacktivists deface website pages and inject a piece of sensitive information that they want the visitors (the public) to see. The best example is the Panama Papers Leak where hacktivists broke into CIA and FBI websites, extracted official information and later posted it online, revealing sensitive data. On another occasion, hacktivists changed the ISIS website to show performance-enhancing drugs ;). Whether hacktivism is a crime is a matter of debate. However, it is fair to consider it a cyber attack.
White-hat hackers don’t have malicious intentions because they look for vulnerabilities that can be reported responsibly. White-hat hackers are either developers themselves, employees of organizations, or they are part of a security team responsible for weeding out vulnerabilities thus contributing to making the WordPress community a safe experience.
The bad kind. Black-hat hackers are the ones who exploit vulnerabilities for their personal gain. They are generally feared and disliked because they often break into websites to steal, modify or utilize the resources of that site. In general, most black-hat hackers don’t target specific websites, since they are not looking to promote an agenda like the hacktivists, nor are they looking for specific vulnerabilities for the greater good. They mostly use Kali Linux and are no strangers to using brute-force techniques to find usernames and passwords for hacking WordPress websites.
The WHY – Why Hackers Hack WordPress Sites
The intention of a hacker can be classified into 3 main categories:
- For Reputation
- To Exploit Your Resources
- To Steal Your Data
1. For Reputation
Black-hat hackers who seek reputation in the hacking community can be divided into two types – experienced hackers and script kiddies.
The script kiddies are amateurs who use readily-available tools to break into websites. Their main purpose is to gain recognition among their peers and they usually don’t have any malicious intentions. Besides technical knowledge, the hacking community also counts the rampage one hacker is able to create on his own. Since script kiddies are amateurs, performing hacks is a learning experience for them. It’s a road towards greater experience, reputation and acceptance in the hacker community. A script kiddie becomes an experienced hacker when he no longer relies on tools to perform hacks and can bypass the usual security measures using malicious code that he crafts himself.
Experienced hackers are interested in climbing the ladder of reputation, which gives them power over the community and also gets them paid well for their services. Some years back there was a forum called Darkode which was somewhat like an online black market. Black-hat hackers had profiles on the website and there was a ranking system in place. The ranking would depend on criteria like the number of websites hacked, the difficulties faced while making the hack, how big the sites were and finally how satisfied the customers were with the service (assuming that the hack was made following a request from a customer). The higher one ranked, the greater the recognition, and customers would pay more for their services.
If it’s a big website with a good reputation, or if the hackers had to overcome great security barriers, they’d be revered by the community. Experienced hackers are also proficient in utilizing resources. Not all the information they acquire is useful to them, so they sell it to buyers who are ready to pay a hefty amount for the extracted data.
2. To Exploit Your Website Resources
Generally, website resources include the website’s database, its servers, its users and its visitors. This is what a lot of black-hat hackers are after. Once a hacker gets access to these resources, he/she can use them to perform activities such as:
- Attacking other websites
- Driving traffic to other websites
- Sending spam emails
- Storing illegal files
- Mining crypto-currency
- Stealing your SEO
3. To Steal Your Data
As I have said before, data is more valuable than oil!
Data, especially for e-commerce websites, is extremely valuable. This data is not available publicly and is therefore unique. Black-hat hackers sometimes hack sites to retrieve data or information such as contact addresses, medical records, personal preferences, pictures, financial information etc. Hackers use this information:
- To damage reputation by publishing sensitive data.
- To sell this sensitive information to the highest bidder.
- To blackmail the website from where the data has been retrieved (ransomware) and much more.
Now, let’s look at the most common types of cyber attacks in 2019.
Most Common Types of Cyber Attacks
A cyber attack is any type of offensive action against computer information systems, infrastructure, networks or personal computer devices. The common purpose of an attack is to steal, alter, or destroy data and information systems. In this post I will briefly list the types of attacks; we’ll discuss each in detail, along with ways to prevent it, in future posts of this series.
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks – A denial-of-service attack overwhelms a system’s resources so that it cannot respond to service requests. A DDoS attack is also an attack on a system’s resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the attacker.
- Man-in-the-middle (MitM) attacks – A MitM attack occurs when a hacker inserts itself between the communications of a client and a server. Here are some common types of man-in-the-middle attacks.
- Phishing and Spear Phishing attacks – A phishing attack is the practice of sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something. It combines social engineering and technical trickery. It could involve an attachment to an email that loads malware onto your computer. It could also be a link to an illegitimate website that can trick you into downloading malware or handing over your personal information. Spear phishing is a very targeted type of phishing activity. Attackers take the time to conduct research into targets and create messages that are personal and relevant. Because of this, spear phishing can be very hard to identify and even harder to defend against.
- Drive-by attacks – Drive-by download attacks are a common method of spreading malware. Hackers look for insecure websites and plant a malicious script into HTTP or PHP code on one of the pages. This script might install malware directly onto the computer of someone who visits the site, or it might re-direct the victim to a site controlled by the hackers.
- Password attacks – Access to a person’s password can be obtained by looking around the person’s desk, “sniffing” the connection to the network to acquire unencrypted passwords, using social engineering, gaining access to a password database or outright guessing (brute-force or dictionary attacks).
- SQL Injection attacks – SQL injection has become a common issue with database-driven websites. It occurs when a malefactor executes a SQL query to the database via the input data from the client to server. SQL commands are inserted into data-plane input (for example, instead of the login or password) in order to run predefined SQL commands. A successful SQL injection exploit can read sensitive data from the database, modify (insert, update or delete) database data, execute administration operations (such as shutdown) on the database, recover the content of a given file, and, in some cases, issue commands to the operating system.
- Eavesdropping attacks – Eavesdropping attacks occur through the interception of network traffic. By eavesdropping, an attacker can obtain passwords, credit card numbers and other confidential information that a user might be sending over the network.
- Birthday attacks – The birthday attack refers to the probability of finding two random messages that generate the same message digest (MD) when processed by a hash function. If an attacker calculates the same MD for his message as the user has, he can safely replace the user’s message with his, and the receiver will not be able to detect the replacement even if he compares MDs.
- Malware attacks – Malicious software can be described as unwanted software that is installed in your system without your consent. It can attach itself to legitimate code and propagate; it can lurk in useful applications or replicate itself across the Internet.
- And the list goes on…
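The SQL injection item above, shown as an added example that is not part of the original post: a login check that pastes input into the SQL text, next to the parameterized form that keeps input as data. The table, the function names and the sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample input: a value typed into the password field.
INJECTED = "' OR '1'='1"


def make_db():
    """Build an in-memory users table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'hash-of-real-password')")
    return db


def login_vulnerable(db, login, password_hash):
    # Input is concatenated into the SQL text, so a quote character in the
    # input ends the string literal and the rest is parsed as SQL.
    query = (
        "SELECT login FROM users WHERE login = '%s' AND password_hash = '%s'"
        % (login, password_hash)
    )
    return db.execute(query).fetchone() is not None


def login_parameterized(db, login, password_hash):
    # Placeholders send the input separately from the statement, so it is
    # only ever compared as a value and cannot change the query structure.
    query = "SELECT login FROM users WHERE login = ? AND password_hash = ?"
    return db.execute(query, (login, password_hash)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected input:   ", login_vulnerable(db, "admin", INJECTED))
    print("parameterized, injected input:", login_parameterized(db, "admin", INJECTED))
    print("parameterized, correct input: ",
          login_parameterized(db, "admin", "hash-of-real-password"))
```

In WordPress plugin and theme code, the same separation of query and data is what `$wpdb->prepare()` provides.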
So, Why is Security Important for Your WordPress Website?
- Your website is your brand. If your website is compromised, so is your business. If the attackers get their hands on your website, they will have the power to speak to your existing and potential customers directly through your website. Once your business reputation is tarnished, it takes a long time and costs a lot of money to rebuild it.
- High security on your website corresponds to high trust in your brand from customers. Your customers expect you to take security measures to protect the private and confidential information they share with you. In the case where the information has gone to the wrong person, your customers are more likely to hold your business accountable.
- Attacks are more common than you think. (stats above!)
- It is difficult to recover from a search engine’s ‘Blacklist’. In the context of websites, blacklisting refers to the process of search engines removing a website from their index. Webmasters pay close attention to this because, when blacklisted, a site loses nearly 95% of its organic traffic, which can quickly impact sales and revenue. As I mentioned before, Google blacklists around 10,000 websites per day on average for malicious activity.