It has been learned that hackers have been following a new strategy in recent months to gain admin access to WordPress-hosted websites. The attacks have enabled hackers to run PHP code within the framework and take over the websites.
Recent Hacking Trend on the Rise
The attacks were first publicized by security company Wordfence after they noticed several orchestrated attempts to gain control of different websites in May and June. One common characteristic of these websites is that all of them have had WordPress installed but not yet configured on their servers.
An attack starts with the hacker scanning for the specific URL /wp-admin/setup-config.php. If this particular URL has a setup page, that means WordPress was recently installed on the server but is yet to be configured.
The installation of WordPress on the server prompts the selection of a database, which an attacker can manipulate to his or her favor. Even with just a working WordPress installation and admin access on the hosting account, an attack may already be considered successful as the hacker can already create an admin-level account of his or her own.
Wordfence has stated that these attacks are alarming as the hacking incidents will not only enable attackers to gain control of the websites; it will also give them access to entire hosting accounts, along with all the websites in them. Apart from that, they can upload a plugin, execute a PHP code, install a malicious shell, and gain access to website files. Worse, they can be used to harass and attack other websites and servers.
Website administrators and managers have to be more careful than ever as hacking attacks in general are still high. Brute force attacks peaked at a daily rate of 41 million in June while the peak daily attack volume worldwide was at 11 million. A big number of the attacks come from Russia, the United States, and Ukraine with 224.8 million, 128.5 million, and 89.3 million respectively.
Because of the risks involved with cyber attacks, it is advisable that WordPress users complete configurations right after installation, so that attackers will not have a window of opportunity to gain access to their websites or servers. It will also help if monitoring and auditing is done by the website administrators to see if there are incomplete installations, so that they will be completed as soon as possible. Selecting a good web hosting solution is very important in this regard. While a secure and reliable web hosting service may be more expensive, you can get a better rate by using a WordPress coupon code.
Hack attacks can be very costly to individuals, businesses, and organizations. As such, it is important that you take the necessary measures to prevent yourself from becoming a victim.