WordPress is the most popular blogging and Content Management System (CMS) in the world. Simple and powerful, this CMS drastically reduces the effort required to set a functional and attractive website. This popularity makes it a juicy target for hackers aiming to use a compromised web server for malicious purposes. Discover in this article how hacking WordPress is now within the reach of anybody and how to prevent this from happening to you.
Hacking WordPress is now within the reach of anybody
The demonstration “Attacking WordPress” by Mark Montague, shows how easy it is to hack a WordPress installation by just using free tools available on the internet. Best technical knowledge and significant resources needs to hack a WordPress website.
A minimum of common sense, a Kali Linux distribution (the worthy sucessor of Backtrack to perform penetration testing) and three integrated tools can do a lot of damage:
- WP Scan: vulnerability scanner for WordPress that is able to list plugins and related vulnerabilities. It also includes a brute force module to directly attack the WordPress interface.
- Metasploit: one of the most widely used exploitation tools in the hacking/security field. It’s used by both novices and advanced professionals.
- Weevely: a PHP backdoor that allows you to take control of a web server and control it through a kind of Telnet console.
Democratization of hacking tools shows how easy it is to hack a WordPress website and the importance of regularly updating your website. Without forgetting the need of an effective cyber security solution.
48% of attacks target eCommerce websites
The purpose of this article is not to explain how to hack a website but to show how easy it is to achieve malicious acts on a WordPress installation. This could range from identity theft to customer data theft, malware infection or website defacement. These risks may damage your reputation and your turnover. SMBs are less aware of risks associated with the digital exposure of a website. They do not have the financial and technical resources of larger entities.
That’s why OZON has developped the first all-in-one web and eCommerce cybersecurity solution. In minutes and seamlessly, OZON protect any website and webshop in the world against all sophisticated cyber-attacks & frauds. OZON is acting as a business enabler for 95% of small and medium businesses with eBusiness and eCommerce activities threatened by cyber-crime. What are you waiting for? It’s free to try!