Malicious software, malware and computer viruses are becoming very common situations online. A new hacking attempt takes aim at WordPress installations due to the security holes and vulnerabilities contained in WordPress natively on setup. Typically a hacked website will redirect its users to websites known to distribute malicious software or malware which will install on the host machine. There are many tactics to accomplishing this feat but it is actually easier than you think.
There are many security holes in WordPress, some of these include unprotected /wp-content-uploads/ folder, showing a README file in your root directory or wp-admin directory and unprotected htaccess files. Lets take a look at each of these and how this facilitates a hacking of your website.
- README: Showing a ReadMe file in your root or wp-admin directory may only be a text file but guess what it tells a hacker? You divulge your WordPress installation version which can determine which sites are chosen to be hacked based on their vulnerability level. Older versions of WordPress are more prone to hacking because they have more security holes than the newer versions. Simple programs can search these ReadMe files to find specific version of WordPress Installations on the web as candidates of sites that can be compromised. Bottom line, delete your ReadMe file from your root or wp-admin directory, it has no relevant content or code needed to run your site.
- htaccess files: htaccess files play a huge role in WordPress permalink structure and page redirection and the lack of an htaccess file can actually return errors like 500, 403 etc. Unsecured htaccess files are a red flag for hackers and are routinely targeted because they are easy to change and go relatively unnoticed. Many malicious infections resulting from a hacking attempt will seek out these htaccess files and add REWRITE statements which will redirect to a malicious software distribution website mainly because they are easy to access and to modify. A visitor may find ‘http://yourwebsite.com which has a fancy contact page located at ‘http://yourwebsite.com/contact’ but with the REWRITE statement active, clicking /contact/ or any other page will redirect to the malicious website and they have just been infected with malware on their computer.
It is important to secure your htaccess files in such a way that it prevents unauthorized changes which could be the result of a hacking attempt. Generally htaccess files are the source of infection on your website but can often be accompanied by an index file programmed to write them. If that index file is not located and removed or cleaned, any repairs to your htaccess files will revert back once you have logged out. Some index files will rewrite their redirect commands after midnight to override any changes or cleaning you may have done, this also helps to keep you guessing as to where the infection is coming from.
Please contact us for a free consultation on removing malware from your WordPress website or other website and we can recommend other security measures that can prevent it in the future.