WordPress, the world’s most popular content management system, is unfortunately not immune to cyber threats. Recent findings by Kaspersky researchers have shed light on a concerning trend where hackers are exploiting abandoned WordPress sites for nefarious purposes.
What is the New Threat to WordPress Sites?
Hackers are increasingly targeting legitimate but often neglected WordPress sites, converting them into covert phishing traps. By secretly embedding their malicious pages onto these forgotten or poorly-maintained sites, phishing operators can set up lures to capture user inputs. The most frequently impersonated sites include European Banks, popular delivery services, and even streaming giant, Netflix. The sensitive data these fraudulent pages capture, such as website credentials, bank card details, and other personal information, is stored within the website’s control panel. Once compromised, this data can either be sold on the dark web or used to access the victim’s bank or other accounts.
Why are Abandoned WordPress Sites Targeted?
Hackers often target smaller websites that have been neglected or whose owners might not have the resources or knowledge to detect their presence immediately. From mid-May to July 31, 2023, Kaspersky identified 22,400 different WordPress websites that had been hacked and transformed into phishing bait. During this period, users made over 200,000 visits to these compromised sites. Abandoned websites are frequently captured by cybercriminals. Their lack of maintenance and security updates makes them easy targets for known exploits. Moreover, on a long-neglected site, phishing pages can remain active for extended periods since no one monitors the content, making them ideal for scammers.
Which Entities are Most Commonly Imitated?
The most frequently imitated business entities are Netflix, European banks, and popular delivery services. These are used by hackers as a strategy to gain trust and trap unsuspecting victims. For regular users, recognizing the signs of a compromised site is crucial. For instance, if you’re visiting Netflix, the URL should read: https://www.netflix.com. However, phishing domains might have subtle indicators in the webpage URL, such as /wp-Config/, /wp-content/, /wp-admin/, /wp-includes/, or similar. If the destination directory contains a PHP file, it should raise alarms.
How do Hackers Compromise These Sites?
There are two primary methods hackers use to compromise these sites:
- Exploiting Security Vulnerabilities: Platforms like WordPress are not without their vulnerabilities. Hackers can exploit these security gaps to gain unauthorized access.
- Hijacking Administrator Accounts: Hackers can brute-force weak passwords or use leaked credentials, which might be available on the dark web or hacker Telegram channels.
Once inside, these crafted pages are sometimes indistinguishable from legitimate ones. Every section appears as it should, displaying only relevant information. Hackers have also targeted users of platforms like PayPal and Facebook using similar tactics involving spoofed pages.
The Popularity of WordPress: A Double-Edged Sword
WordPress’s global popularity, powering “43.1% of all websites on the internet,” makes it an attractive target for cybercriminals. One significant issue is the vast number of third-party plugins designed to extend the platform’s functionality. New vulnerabilities exploited by hackers are discovered regularly in both plugins and WordPress itself.
How Can You Protect Your WordPress Site and Yourself?
For website administrators, it’s crucial to employ robust security practices. This includes using unique passwords, enabling multi-factor authentication, and regularly updating server software. Since many vulnerabilities stem from third-party plugins, they should be carefully scrutinized and deactivated if not essential. Kaspersky also noted that most hacked websites have broken links on the homepage, as hackers replace original directories with phishing content.
Regular cyber training sessions are vital to educate both website admins and the general public. In today’s risky digital landscape, staying updated and using top-tier cybersecurity tools is the key to staying ahead of threats. VPNOverview recommends using a robust, real-time antivirus solution across all devices. This can detect suspicious webpages and block harmful internet traffic. It’s also essential to use strong passwords across all accounts, ideally combined with multi-factor authentication.
How Can You Stay Updated on Phishing-Related News?
For more updates on phishing and other cybersecurity threats, it’s recommended to follow trusted sources on platforms like Twitter, Threads, and Mastodon. Staying informed is one of the best defenses against the ever-evolving landscape of cyber threats.
Internal Links:
- How to Deactivate a Snapchat Account and Enhance Privacy with VPN
- How to Use a VPN on Mac
- Discovering the Best Cheap VPN in 2023
- Top 50 Best Website with Free Movies
- Scam in Paypal: Top 20 PayPal Scams
- VPN with No Logging: Securing Your Digital Footprints
- Is it Illegal to Use a VPN: Navigating the Legalities
- What’s a VPN For? Understanding VPN Uses, Benefits, and More
FAQ Section:
1. Why are abandoned WordPress sites a target for hackers?
Abandoned or neglected WordPress sites often lack the necessary security updates and maintenance, making them easy targets for known exploits. Additionally, phishing pages on these sites can remain active for extended periods since no one monitors the content.
2. How do hackers compromise WordPress sites?
Hackers either exploit security vulnerabilities in WordPress or hijack administrator accounts by brute-forcing weak passwords or using leaked credentials.
3. Which entities are most commonly imitated by hackers?
The most frequently imitated entities are Netflix, European banks, and popular delivery services.
4. How can one recognize a compromised WordPress site?
Users should be wary of URLs that contain indicators like /wp-Config/, /wp-content/, /wp-admin/, /wp-includes/, or similar. If the destination directory contains a PHP file, it’s a warning sign.
5. How can website administrators protect their WordPress sites?
Administrators should employ robust security practices, including using unique passwords, enabling multi-factor authentication, and regularly updating server software. It’s also essential to scrutinize third-party plugins and deactivate any that aren’t necessary.
6. What role do third-party plugins play in WordPress vulnerabilities?
The vast number of third-party plugins designed for WordPress often introduces new vulnerabilities. Hackers regularly discover and exploit vulnerabilities in both these plugins and WordPress itself.
7. How can individuals stay updated on phishing-related threats?
Following trusted sources on platforms like Twitter, Threads, and Mastodon can help individuals stay informed about the latest phishing and cybersecurity threats.
{ “@context”: “https://schema.org”, “@type”: “FAQPage”, “mainEntity”: [{ “@type”: “Question”, “name”: “Why are abandoned WordPress sites a target for hackers?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “Abandoned or neglected WordPress sites often lack the necessary security updates and maintenance, making them easy targets for known exploits. Additionally, phishing pages on these sites can remain active for extended periods since no one monitors the content.” } }, { “@type”: “Question”, “name”: “How do hackers compromise WordPress sites?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “Hackers either exploit security vulnerabilities in WordPress or hijack administrator accounts by brute-forcing weak passwords or using leaked credentials.” } }, { “@type”: “Question”, “name”: “Which entities are most commonly imitated by hackers?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “The most frequently imitated entities are Netflix, European banks, and popular delivery services.” } }, { “@type”: “Question”, “name”: “How can one recognize a compromised WordPress site?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “Users should be wary of URLs that contain indicators like `/wp-Config/`, `/wp-content/`, `/wp-admin/`, `/wp-includes/`, or similar. If the destination directory contains a PHP file, it’s a warning sign.” } }, { “@type”: “Question”, “name”: “How can website administrators protect their WordPress sites?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “Administrators should employ robust security practices, including using unique passwords, enabling multi-factor authentication, and regularly updating server software. It’s also essential to scrutinize third-party plugins and deactivate any that aren’t necessary.” } }, { “@type”: “Question”, “name”: “What role do third-party plugins play in WordPress vulnerabilities?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “The vast number of third-party plugins designed for WordPress often introduces new vulnerabilities. Hackers regularly discover and exploit vulnerabilities in both these plugins and WordPress itself.” } }, { “@type”: “Question”, “name”: “How can individuals stay updated on phishing-related threats?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “Following trusted sources on platforms like Twitter, Threads, and Mastodon can help individuals stay informed about the latest phishing and cybersecurity threats.” } }] }