Introduction to WordPress Security Weekly

Security within the WordPress ecosystem is something that has recently become as important as the website performance. In fact, security incidents may lead to the worst kind of performance issues, which can lead to a longer period of downtime.

While downtime is usually a temporary issue, the data loss is not. Hackers target websites for different reasons, so before we get into the “how”, let’s talk about “why” first. Why exactly are websites under the attacks in the first place?

Monetary motivation

In most of the cases, the motivation for hackers to target websites is either directly or indirectly connected to a monetary gain. Websites are an online resource, which can be harvested in many ways.

Here are some of the most popular ways how compromised websites are being used to earn money.

DDoS services

Hacked websites can be added into a zombie network or a botnet, which can then be controlled by the hacker to perform further attacks. A very common service that is being sold is DDoS attacks aka Distributed Denial of Service attacks which flood the target with large requests to overwhelm the server which will then stop working.

Traffic hijacking

A very common technique is to redirect traffic to an ad network or to another site. Since hackers mostly target popular vulnerabilities to compromise as many websites as possible, this allows the hackers to direct a very large volume of traffic to different scams, blackhat SEO sites and to phishing pages.

Server resources

Hacked websites are often used as a proxy to host bots, malware, phishing pages, crypto miners (not so common anymore), C&C (command & control centers) and more. Server resources cost money, but the hackers get them for free as the owner of a compromised website is paying the bills.

Ransom

A very common technique used by hackers is to download the entire database of a website and then delete it from the server. Hackers then ask for a ransom and hope that the site owner does not have backups and therefore opts into paying the ransom to get the website back up.

Stolen data

Another very common way for hackers to earn money is to steal credit card information and other credentials that they could sell to other criminals. E-commerce websites are often targeted with malware which intercepts the payment process to steal the credit card information and billing details.

Other motivations

There are also non-monetary motivations, which are less common. Here are some of the other motivations why hackers might target & compromise websites.

For the lulz: A very common thing amongst teen script kiddies is “defacing”, which means that the content of the website is changed to serve a message from the hacker. While these are the most visible attacks, they happen to be the least dangerous as it will be immediately clear that the site is compromised and they are mostly only after adrenaline rush and exposure.

Political: Defacements are sometimes also politically motivated, in which case the message has a specific agenda. They become more common when ever there are big global events, such as war. The same hackers who have been doing defacements “for the lulz” then rally behind the same message.

Hacktivism: A more targeted politically motivated hacking is called hacktivism. This is different from the others as the targets are not as random and the attack techniques are often more advanced. A good example is hacktivism against oil companies, animal fur producers, etc.

APTs: Advanced persistent threat actors are often state run or state sponsored groups that mostly stay stealthy and target high-value websites to gain further access into bigger & more business critical (and often nationally important) IT systems.

Why is “why” important?

It’s incredibly important to understand the motivation of who we are facing to get a sense of your potential risk. For example, if the website you manage is not connected to a national database of personal information (or something critically important), it’s less likely that you’ll be targeted by APTs. If you are however managing websites that could potentially be targeted by hactivists or by APTs, you should put much more resources into security compared to a simple website of a local cafe. The same applies to e-commerce stores that collect billing information and allow credit card payments.

Understanding the “why” allows you to understand the potential risk level for each website and take proper actions to mitigate that. Most of the attacks are automated, completely opportunistic and random to gain maximum monetary gain, so regardless of the risk level, every website needs to have the basics covered.

Next week, we’ll jump into “how” the hackers with different motivations target websites and how you can map your WordPress website attack surface.