DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 1 of 1

Thread: 5 common WordPress security issues

  1. #1
    Join Date
    May 2020

    5 common WordPress security issues

    The goal of hackers is to gain unauthorized access to your WordPress site at the admin level, from the interface (your WordPress dashboard) or server side (by inserting malicious scripts or files ).

    Here are the 5 most common WordPress security issues you should know:

    1. Brute Force Attacks
    BruteForce attacks refer to password detection method. Bruteforce attack is the simplest way to gain access to your site. To better understand BruteForce, you can refer to more information about Bruteforce on Wikipedia

    By default, WordPress does not limit the number of wrong logins, so hackers can attack your WordPress login page with a bruteforce attack until you find the correct login information.

    2. File Inclusion Exploits
    After Bruteforce attacks, another PHP-related vulnerability (the source code used to write WordPress) is File Inclusion Exploits which is also the next common security issue that can be exploited by hackers.

    The File Inclusion vulnerability allows hackers to gain unauthorized access to sensitive files on the web server or execute malicious files using the "include" function.

    Through this vulnerability, an attacker can read the wp-config.php file and know the database connection information, thereby hijacking your website.

    3. SQL Injections

    Your WordPress site uses a MySQL database to work. SQL Injections occurs when an attacker gains access to your WordPress database and all your website data.

    With SQL Injections, an attacker can create a new administrator user account, which can then be used to log in and gain full access to your WordPress site. SQL Injections can also be used to insert new data into your database, including links to malicious or spam websites.

    SQL Injections usually happen by programmers when the theme code, plugins are wrong and do not filter data carefully before inserting them into the database.

    4. Cross-Site Scripting (XSS)
    XSS attack - security error on WordPress

    84% of all internet security vulnerabilities are called Cross-Site Scripting (XSS) attacks Cross-Site Scripting vulnerability is the most common vulnerability found in WordPress plugins and themes.

    The basic mechanism of Cross-Site Scripting works like this: an attacker seeks to make a victim load websites with unsafe javascript scripts. These downloaded scripts are then used to steal data from the user's browser.

    5. Malware
    malware - security errors on WordPress

    Malware - malware, is malicious code used to insert into websites and collect sensitive data. A hacked WordPress site usually means that malware has been inserted into your site, so if you suspect malware on your site, check carefully the files in the source code. .

    *** Advertising removed so it doesn't look like you're spamming us. Please don't post it again. ***

    The four most common WordPress malware infections are:

    Drive-by downloads (Automatic download)
    Pharma hacks
    Redirects malicious (Redirects)
    To check if your code is infected with malware, you can use wordpress scanning plugins
    Last edited by SpywareDr; 06-18-2020 at 10:42 AM.

Similar Threads

  1. 12 steps to secure WordPress security
    By vakafx in forum Security
    Replies: 4
    Last Post: 01-11-2021, 09:10 AM
  2. WordPress security
    By epcltd in forum Security
    Replies: 4
    Last Post: 10-15-2019, 02:40 PM
  3. security issues....
    By Dieter Debaets in forum VB Classic
    Replies: 0
    Last Post: 06-27-2002, 05:19 PM
  4. Common dialog control issues
    By Michael in forum .NET
    Replies: 0
    Last Post: 07-13-2001, 02:04 PM
  5. Firewall and Security issues
    By Max Fedorov in forum Java
    Replies: 1
    Last Post: 06-16-2000, 05:52 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center
Latest Articles
Questions? Contact us.
Web Development
Latest Tips
Open Source

   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center