Wordpress is a hacker target

How safe is your WordPress site?

Wordpress is a hacker target

WordPress is a hacker target

Long live WordPress …as long you don’t get hacked.

A huge portion of contemporary websites are built using WordPress but unfortunately it is a ‘soft target’ for hackers. Your WordPress website’s security relies on:

  • Your web server ‘neighbours’ security efforts
  • The weakest login to your site
  • and more

WordPress is ‘easy’ so we get complacent.

Website owners tend to get complacent, or are just too damn busy ‘doing the doing’ to be distracted with geeky stuff like website updates, backups and site security… WordPress reinforces this view too, because it just keeps on running…

Web Builders not Website Maintainers

The other thing I note is that majority of web developers tend to be ‘Website Builders’ rather than ‘Website Maintainers’ beyond occasional design or content updates. WordPress needs much more maintenance attention that older ‘flat HTML websites’

Your Web Host is not a Website Maintainer either

The typical web hosting business is focussed on their infrastructure of web servers and internet connections and likely see WordPress as a problem child because it:

  • Uses considerably more server resource than flat HTML sites
  • Is a potential hacker entry point to their servers

WordPress website owners become a headache for Web Hosts because they need more sophisticated technical support. Even restoring WordPress from backup is much more complex (ie time consuming) than a flat HTML site and not something that a web host can afford resource in their modest hosting fee.

Let’s look at some facts about your WordPress site’s exposure to hackers

The hack attacks you don’t know about

Unfortunately your site doesn’t tell you its being attacked. Many of hacked websites I’ve been asked to fix were hacked for days & even weeks before the business owner realised. Its not a good look when your clients have to tell you your site is hacked

But it is possible to see if your site is being ‘probed’ by hacking software looking for ‘exploits

We use a sophisticated firewall in our Website Concierge hosting which dynamically blocks any suspicious activity. If the ‘bad behaviour’ recurs we permanently block the IP. This chart shows the blocks applied by our firewall in the last 12 months.  Feb 2015 is looking to be boomer month with 680+ permanent firewall blocks (that’s over 22 hacker blocks per day)

Firewall blocks Feb 2015

 Where are the hackers from ?

As we reported in Sept 2013 the vast majority of hackers we see are still from China (by an order of magnitude). Surprising by true.

firewall blocks by country

 Server hack types?

This chart shows the nature of server hack attempts, which reveals some interesting if not frightening information.

  • LF_SSHD (yellow) The majority of hack attempts probe the web server’s Secure Shell (SSH)
    A successful attempt would enable the hacker to take over the web server to destroy not only your website but all other sites on the same server. Website Concierge servers have this service disabled because of the significant risk.
  • LF_SMTPAUTH (green) Hackers are trying to gain access to the email server. That’s right – access to email accounts can be a valuable resource for hackers.
  • LF_FTP (pink) Hackers attempting to access your website via FTP to gain control of it and make any changes they want.

firewall blocks by medium

Brute Force Login attempts

In addition to server ‘back door’ hack attempts, hacking software can attempt to break into your WordPress site through the ‘front door’ – your website login screens. Here the hackers software will cycle through User ID and password combinations to attempt to gain an illicit login.

Admin brute force attempt
The Simple History WordPress plugin enables you to conveniently see these hack attempts. In these examples, the hack software made nearly 37,000 attempts to login in as ‘Admin’ – persistent isn’t it? As a basic security process we delete the default WordPress administrators account ‘admin’ for Website Concierge sites.

Do you have the Admin ID active in your WordPress site ? I’d suggest you should remove it!

simple history admin

FYI www.ip2nation.com says this hack attempt was from The Netherlands

Smarter brute force attempt
This hack attempt was slightly smarter, as it first uncovered a real login name for the site, then tried 263 times to login

Simple History Brute Force attempts

FYI www.ip2nation.com says this hack attempt was from Canada

Security depends on the weakest password

The weakest point of defence for a brute force attack is the easiest password to guess, so are you managing the password strength in your site ? There are some excellent password strength WordPress plugins.

Takeaways

OK so maybe there’s more hacking activity than you might have guessed, what should you do so you can get back to doing the doing without spending too much money.

  1. Get some secure hosting
    Cheap hosting is cheap for a reason. You might also end up with website ‘neighbours’ who aren’t as interested in website security as you. In fact you wont even know who they are…
  2. Invest in some good quality WordPress support
  3. Use a professional ‘website maintainer’ to ensure your WordPress site is
    1. Backed up
    2. Updated regularly
    3. Has security strategies implemented and monitored

 

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *