Published on June 5th, 2016 📆 | 8390 Views ⚑0
Hackers Mostly Targeting On WordPress Sites For Uploading The Files, XSS, And SQLi Bugs
Current report from Check Point that can help some webmasters get an approaching into how they activate.
The security firm analyzes the telemetry data from its security products as well as looked at the attacks of against the plugins of WordPress as well as themes alike.
What the company found is that attackers like to start on slow-and-low computerized attacks by which they check websites for recognized the vulnerabilities.
Attackers use the computerized scripts to inspect the sites of WordPress for vulnerabilities.
Check Point says it distinguished the automated scripts that sent out on an average of five attacks per minute against the sites of WordPress. These attacks were zero more than the requests of POST and GET that inspected if definite files, as well as paths, were susceptible to develop the payloads.
The attackers have never detected these weaknesses of security when they found them but they used the information to generate a report of security status that they used at a later point to cooperate the site.
In most of the cases, the Check Point says that hackers affected the sites with the malicious transmit which sending the guests to develop kit landing pages just like those for Angler.
The security dealer says that in most of the cases the attackers influenced to the vulnerabilities of File Upload to cooperate the websites. Check Point describes it found File Upload vulnerabilities leveraged in 24 percent of all the detected attacks. The rest of the list which are as follows: Cross-Site Scripting (XSS) bugs - 17 percent; SQL injection (SQLi) flaws - 15 percent; and Remote Code Execution (RCE) - 11 percent.
RevSlider left a problem for the owners of WordPress.
The researchers of Check Point also disclosed that attackers did not care if the vulnerability was in a theme or plugin which are attempting to develop the both regardless.
In terms of the most hacked plugin which according to the statistics of Check Points, Revolution Slider that is also known as RevSlider which accounted for 48 percent of all attacks. In a distant second came the WP Symposium as well as plugins of Inboundio Marketing with every 6 percent.
For themes, the statistics were not so important. Check Point says the huge majority of the attacks which spread beside the Infocus2, Fusion, Awake, DejaVu, and Construct themes, with very tiny differences between them.
Last week, Sucuri published a comprehensive report on the state of Web security that also integrated insights into the develops of WordPress sites. You might wish to obtain a look at that report as well since it is based on a various set of telemetry data.