
Common WordPress Malware Infections

Security issues in WordPress core are addressed very quickly, and the core developers are actively involved in maintaining the integrity of the application. The same cannot be said of themes and plugins. Over roughly the past three years, web malware has grown by about 130%-140%.

At the same time, WordPress has grown enormously in popularity as a CMS and blogging platform and now powers about 18% of websites. That popularity comes at a price: it makes WordPress an easy target for web-based viruses and malware, which is what happens to most tools once they become popular.

What makes it vulnerable?

The simple answer is that outdated WordPress versions, together with built-in features, themes and vulnerable plugins, are what make a site vulnerable. Every WordPress release becomes outdated after a while, and most users have got used to ignoring the update nag.

Another issue is vulnerabilities in themes and plugins. There are about 20,000 plugins, and the number is still growing. They vary widely in quality: some have security holes and others are simply outdated. Add to that the popularity of WordPress itself, with countless websites built on it. That popularity is exactly what attracts attackers: once they find a way into one WordPress site, the same technique works against millions of others, which they treat as a playground.

What are the common malware issues?

The following are some of the common malware issues that you could come across –

  • Drive-by downloads
  • Backdoors
  • Pharma Hacks
  • Malicious Redirects

Drive-By Downloads

A drive-by download is the web's equivalent of a drive-by shooting. In technical terms, it is embedded in your website through some form of script injection. Its purpose is to get a payload downloaded onto the visitor's local machine. One common payload, for example, tells the user that the website is infected and that anti-virus software has to be installed.

So how does this attack get into the website? The most common routes are SQL injection, out-of-date tools and software, and compromised credentials.

Backdoor

A backdoor gives an attacker access to the environment through what most people would consider abnormal methods (SFTP, FTP and the like). With a backdoor in place it is easy for hackers to reach the website through a web-based GUI or the command line. Keep in mind that backdoors are dangerous: left unchecked, one can do a great amount of damage to your server.

Backdoors are also behind much cross-site contamination, where one website infects another. Because they come in many shapes and sizes, how does one know whether a site is infected? Most often a backdoor is a simple file with an innocuous, throwaway name such as wphap.php, wtf.php, 1.php, data.php, p.php and so on.
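As an added example (not from the original post), a small Python scanner that applies the two indicators described above to a WordPress tree: backdoor files dropped under throwaway names (the names come from the post) or in places where PHP should never live, and the kind of obfuscated script a drive-by download is injected through. The sample tree and the obfuscation signatures are constructed here for illustration.

```python
import os
import re
import tempfile
# Filenames the post lists as typical backdoor droppings.
SUSPICIOUS_NAMES = {"wphap.php", "wtf.php", "1.php", "data.php", "p.php"}
# Obfuscation idioms (constructed signatures) that legitimate theme/plugin code essentially never uses.
SUSPICIOUS_PATTERNS = [
    ("eval of decoded string", re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(")),
    ("injected unescape script", re.compile(rb"<script[^>]*>\s*document\.write\s*\(\s*unescape\s*\(")),
]

def scan_site(root):
    """Walk a WordPress install and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name in SUSPICIOUS_NAMES:
                findings.append((rel, "known backdoor filename"))
            # uploads/ holds media only; a PHP file there is almost always a dropped backdoor
            if name.lower().endswith(".php") and "/wp-content/uploads/" in "/" + rel:
                findings.append((rel, "PHP file inside uploads directory"))
            if name.lower().endswith((".php", ".js", ".html", ".htm")):
                with open(path, "rb") as fh:
                    data = fh.read()
                for label, pat in SUSPICIOUS_PATTERNS:
                    if pat.search(data):
                        findings.append((rel, "obfuscated code: " + label))
                        break
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree: clean theme and media files plus two planted infections."""
    files = {
        "wp-content/themes/twentyten/functions.php": b"<?php add_action('init', 'my_init'); ?>",
        "wp-content/themes/twentyten/footer.php": b"<?php wp_footer(); ?>\n<?php eval(base64_decode('aGVsbG8=')); ?>",
        "wp-content/uploads/2013/05/p.php": b"<?php echo 'placeholder'; ?>",
        "wp-content/uploads/2013/05/photo.jpg": b"\xff\xd8\xff\xe0",
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

def demo():
    # Build the sample tree in a temporary directory, scan it and return the findings.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        return scan_site(tmp)
```

Point scan_site at a real document root to run the same checks there; demo() exercises it on the constructed tree and flags footer.php and p.php while leaving the clean files alone.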

Pharma Hacks

The pharma hack is one of the most prevalent infections around today. It should not be confused with common malware; it is better categorised as SPAM (Stupid Pointless Annoying Message). The pharma hack, also called pharma spam injection, uses conditional malware that follows rules deciding which users see the injected content.

As a result you may never see the spam page yourself, because what is shown depends on those rules. So how can one identify it? Pharma hacks have evolved to the point where they are difficult for anyone to detect. Previously the spam injections were visible on the page, which made them easy to find and to remove.
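Added example, not part of the original post: because a pharma hack serves its spam only to visitors that match its rules (typically search-engine crawlers), the simplest check is to fetch the same page once as a browser and once as a crawler and diff the links and the title. The two sample HTML responses below are constructed, and fetch_as, the User-Agent strings and the domain pharma.example are assumptions for illustration.

```python
import urllib.request
from html.parser import HTMLParser
class _LinkAndTitle(HTMLParser):
    """Collect (href, anchor text) pairs and the <title> text from an HTML document."""
    def __init__(self):
        super().__init__()
        self.links, self.title, self._href, self._text, self._in_title = set(), "", None, [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
        self._in_title = self._in_title or tag == "title"
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
        if self._in_title:
            self.title += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.add((self._href, " ".join(self._text).strip()))
            self._href = None
        if tag == "title":
            self._in_title = False

def parse(html):
    p = _LinkAndTitle()
    p.feed(html)
    return p.links, p.title.strip()

def cloaking_report(browser_html, crawler_html):
    """Return links that appear only in the crawler version, and whether the title differs."""
    b_links, b_title = parse(browser_html)
    c_links, c_title = parse(crawler_html)
    return {"extra_links": sorted(c_links - b_links), "title_changed": b_title != c_title}

def fetch_as(url, user_agent):
    """Fetch url presenting the given User-Agent (assumes the site is reachable over HTTP)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0"
# Constructed sample responses standing in for fetch_as(url, BROWSER_UA) and fetch_as(url, CRAWLER_UA).
BROWSER_HTML = '<html><head><title>My Blog</title></head><body><a href="/about">About</a><p>Welcome.</p></body></html>'
CRAWLER_HTML = """<html><head><title>My Blog - Buy Cheap Pills Online</title></head><body>
<a href="/about">About</a><p>Welcome.</p>
<div style="display:none"><a href="http://pharma.example/viagra">cheap viagra</a>
<a href="http://pharma.example/cialis">cialis online</a></div></body></html>"""

if __name__ == "__main__":
    print(cloaking_report(BROWSER_HTML, CRAWLER_HTML))
```

Against a live site, replace the two constants with fetch_as(url, BROWSER_UA) and fetch_as(url, CRAWLER_UA); any links or title text present only in the crawler response are the cloaked injection.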

Malicious Redirects

A malicious redirect sends a visitor to a malicious website. According to statistics, about 42,926 such domains were detected in 2010, and in 2011 the number rose to 55,290, which is astonishing. This count includes only primary domains, not the various subdomains.

So how do malicious redirects get onto the server? It comes down to access. Often the redirect is generated by a backdoor: the hacker looks for vulnerabilities or an old version of WordPress to get in, then plants the redirect.
