Relying on Data to Mitigate the Risk of WordPress Website Hijacking

One of the most not unusual strategies cybercriminals use to deliver phishing and malware to unsuspecting users is compromising valid web sites, including the ones hosted on WordPress, to house their very own malicious content without cost.

The URLs of compromised sites used for phishing assaults attain customers via unsolicited mail emails, allowing safety specialists to track their extent. In 2016, in keeping with an Anti-Phishing Working Group (APWG) document, phishing assault campaigns shattered all previous years’ data, which the firm started monitoring in 2004. The report found out that phishing websites peaked at 158,988 in April 2016, a big wide variety of attacks that continues developing year over year. Once hijacked, the same web site may be used to serve malware.

There are ways to defend users from e-mail-borne attacks, but to preserve the net safer from folks that perpetuate them, we must reduce the delivery chain even earlier. On the seller side, quicker detection can make certain that affected web sites are flagged on time to save you, users, from achieving them, for this reason foiling the attacker’s plans. On the internet site side, administrators should prioritize applying simple safety practices to maintain their sites safer. Users should remain cautious, approximately establishing unsolicited email and having access to links or attachments they obtain inner.

Related Posts :

READ THE WHITE PAPER: SHIFTING THE BALANCE OF POWER WITH COGNITIVE FRAUD PREVENTION

Popularity

Attracts Both Good and Bad

When it comes to the lucrative structures, cybercriminals commonly opt for people who cover more floor. That is why the Windows working gadget is a primary mark for malware, and the Android OS is targeted using over ninety-five percent of all cellular malware. Following that same logic, the WordPress (WP) platform is one of the maximum famous content material management systems (CMS) on the net, holding near fifty-nine percentage of the marketplace share. Therefore, it’s far frequently centered via fraudsters.

The platform is loose to use, open-source and based totally on PHP and MySQL. WordPress is mounted on a web server and may be used as a part of a website hosting carrier or directly on a network host, making it the choice of many internet site builders. The sheer quantity of WordPress-based totally sites makes them herbal targets for spammers and cybercriminals who compromise legitimate websites to host their own malicious content freely. And on account that so many sites are based totally on the same code, locating simply one vulnerability can mean compromising the lot of them, an exercise that black-hat hackers observe to any form of platform.

To hold the platform’s safety in the face of such threats, the WP network has been actively updating the codebase to hold each user and website safe. Since its first release in May 2003, a gradual replacement can boom the web site’s exposure to old vulnerabilities.

IBM X-Force used facts from its web crawlers to log extraordinary websites to illustrate which code model they used. Our data confirmed that a few of the dated WP versions are still in enormous use.

WordPress Versions UsedFigure 1: Relative Number of Websites Hosting Each WP Version as of March 31, 2017 (Source: IBM X-Force)

Minimizing Risk of Compromise

ide. This can mean that a few admins have disabled the automatically replace feature, even though automatiautomated is a regarded safety high-quality practice.

The reason this happens is normally convenience. When updates take vicinity without direct motion from the administrator, unexpected and unsupervised tactics might also crash the application or affect a part of its capability, ensuing in a terrific deal of work to evolve the application to a new supply code or framework version.