WordPress is one of the most used content management systems out there. It is used by more than 30% of the online websites and is steadily growing as we speak. However, this amount of popularity also brings a negative impact on the WordPress ecosystem.
Hackers and third-party malicious actors find WordPress a good target to exploit as once they find a way; it opens them to hundreds and thousands of websites that have the vulnerabilities not patched.
In this article, we will be exploring the possible WordPress vulnerabilities and also learn how to fix them. So, without any delay, let’s get started.
SQL Injection and URL Hacking
Problem: One of the most common WordPress vulnerability includes SQL injection. WordPress is a server-side CMS which uses PHP. This means that it executes PHP scripts. All of these opens it up for the URL hacking and SQL injection vulnerabilities.
So, how it is done? It is done by adding URL parameters and then sending it to the website. WordPress would act using the parameters without proper authorization. The whole idea of SQL injection runs around the approach where the URL is modified so that WordPress acts on it and triggers specific tasks on the server side. For example, a hacker can reveal database entries and also take control of the WordPress dashboard.
Solution: The good news is that it is fairly easy to solve. All you need to do is find the .htaccess file on your server It is an access rule file used by Apache web server. Once done you need to use the code mentioned below. This will also keep the hackers away from using SQL injection technique.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ – [F,L]
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|”|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ – [F,L]
</IfModule>
Brute-Force Login Attempts
Problem: Brute-Force login attempts are also popular among malicious actors. However, this is not a WordPress specific vulnerability, but it is an extremely common attack on WordPress website. In this attack, hackers attempt to gain access to the WordPress admin panel by guessing the username and password.
They use bots and automated scripts to ensure that they can make unlimited attempts. Their method works to reveal the combination by attempting millions of times. Firstly, if a website is going through brute-force attacks, it will slow down. Also, if the hacker gets the credential, he can take full control over the website
Solution: You can stop brute-force login attempts by limiting the number of login attempts that can be made on your site before the IP gets blocked. It can be done manually, but we recommend using WP Limit Login Attempts. You should also use a strong password with a mix of alphabets, numbers, and symbols. You can use online password generators to get strong passwords.
Stored Cross-Site Scripting Vulnerability
Problem: XSS vulnerability is an attack done by hackers to inject code directly into the application. It is also a common attack, and you would be surprised how WordPress is not entirely protected from it. By using the exploit, hackers can get access to the WordPress editor which in turn will give access to all the posts and topics.
It is also a common attack to steal visitor’s sensitive information. Moreover, it can also be used to modify the PHP code which leads to Remote Command Execution (RCE).
Solution: The best possible solution is to keep your WordPress updated all the time. You can do that by turning on the automatic updates. Most of the time, unpatched WordPress installations are vulnerable to it. In addition, by update WordPress, you can solve XSS attacks.
Database Tables Prefix
Problem: WordPress database tables have a specific prefix attached to it. It starts with a prefix of “wp_” which means that it makes it easier for hackers to predict and begin hacking the database.
Solution: The solution to the video is to change the prefix of the database. You can do that during the installation process. If you are not sure how to do it, we recommend checking for online tutorials on the subject or reach out to WordPress experts. You can also use plugins such as iThemes Security Plugin to protect your website against this kind of vulnerabilities.
Default Admin User Account Vulnerability
Problem: When you first set up your WordPress website. It creates a default admin account with the username of “admin.” With username so obvious, hackers can start guessing the password and gain access to the backend.
Solution: The solution is straightforward. You need to create another user with admin privileges. Once done, you need to get rid of the “admin” username account. This will help you protect your WordPress website backend much better.
Sensitive File Visibility
Problem: Not all WordPress files are protected correctly. This means that some sensitive files are open to the public which can lead to issues. These files include backup files that are created during the backup process. Hackers can gain access from these files as they contain information useful to hackers. Other types of files that can be left open to the public include sensitive log files, configuration files, and so on.
Solution: You can solve the vulnerability by disabling access to the directory listing plugin. You can do that by using a directory listing plugin. Furthermore, you can also add code to .htaccess and ensure that sensitive files don’t leak. To do so, all you need to do is add the following code.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^42\.114\.178\.163$
RewriteRule ^(.*)$ – [R=403,L]
</IfModule>
You can also protect your website’s wp-config configuration file by adding the following line of code into .htaccess.
<files wp-config.php>
order allow,deny
deny from all
</files>
Conclusion
In conclusion, WordPress vulnerabilities are a serious threat to any WordPress owner. However, we listed the most important WordPress vulnerabilities and their solution. So, are you going to fix the vulnerabilities listed here? If yes, let us know in the comment section below.