WordPress Hole Explained

Alton Elliott
December 2, 2016

There are always vulnerabilities in WordPress since it is an open-source website creation tool. When security vulnerabilities are found in the latest version of WordPress, its team responds and fixes the hole in security. Hackers can use these holes to steal content (usually customer data), but they can also add content. In my book, Blogging is Murder, Connie Payne adds content to Liz’s site, but usually when a hacker adds something it’s malware (like in this Wordfence article), code that creates problems with the site, or random keywords that hurt the site’s SEO.

In the article, the hackers would have been able to get in by connecting their URL through the auto-update function. This is because WP doesn’t require signature verification when updates are installed, so a site has no way to check that an update really came from the WordPress team.

In Blogging is Murder, Connie starts out as a typical fan of the site, lulling Liz into a false sense of security. Liz has her blog comment feature set up to allow all comments to show up on her blog without any monitoring from her. Once Connie starts posting weird stuff, Liz changes that feature so that all comments must be approved by her first. But after that, Connie ups the ante: she finds a vulnerability in Liz’s site via WP and is able to get in and give herself admin privileges in the backend of the blog. She now has her own login and password and can edit, add or remove any content on the blog. Which she does. She actually writes posts on the blog under Liz’s name, so it looks like Liz is writing them, undermining Liz’s reputation. Her overarching goal is to replace Liz altogether—she plans on pushing Liz out of her home, family and business because Connie believes she can do a better job of being wife, mother and solopreneur than Liz can.

Like most bloggers, Liz doesn’t pay careful enough attention to which themes and plugins need to be updated on her blog. She’s too busy trying to run her business. But old, “unpatched” themes and plugins are the perfect way for hackers to get inside a blog or website. They create a hole for the hackers to come through. Often when a theme or plugin company (including WP) sends out an update, it’s because they have been made aware of a possible threat, so they fix the issue. But if a blogger doesn’t install the update immediately, hackers can get right in.

In the case discussed in the article, the WP host, api.wordpress.org, was at fault. It could have opened up thousands of sites to hackers, not just a few. But hackers are always looking for these opportunities. So, although Liz “invited” the hacker in because she wasn’t cyber security-conscious enough, it could easily have been something like this that allowed Connie access to the site so that she could hijack it.

Discover the truth about WordPress vulnerabilities and cyber-security in the action-packed cozy mystery, Blogging Is Murder: A Jade Blackwell Mystery by Gilian Baker, currently available for pre-order on Amazon here.
