WordPress Hole Explained

Alton Elliott
December 2, 2016

There are always vulnerabilities in WordPress since it is an open source website creation tool. When security vulnerabilities are found in the latest version of WordPress, their team responds and fixes the hole in security. Hackers can use these holes to steal content (usually customer data), but they can also add things. In my book, Blogging is Murder, Connie Payne adds content to Liz’s site, but usually when a hacker adds something it’s malware (like in this Wordfence article), code that creates problems with the site, or random keywords that impact the SEO of the site.

In the article, the hackers would have been able to get in by connecting their URL through the auto-update function. This is because WP doesn’t require signature verification when updates are installed.
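The missing check described above, sketched as an added example (not code from the Wordfence article or from WordPress itself): a checksum supplied by the update server is compared with an Ed25519 signature verified against a public key pinned in the installed software. It assumes PHP 7.2+ with the bundled sodium extension; the function names and package contents are constructed for illustration.

```php
<?php
// Added illustration, not WordPress core code. Names and data are constructed.

// Release signing key pair. The secret key stays offline with the release
// team; only the public key is pinned inside the installed software.
$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair);
$pinnedKey = sodium_crypto_sign_publickey($keypair);

$package     = 'constructed genuine update package';
$substituted = 'constructed package served from someone else\'s URL';
$signature   = sodium_crypto_sign_detached($package, $secretKey);

// Checksum-only check: the expected hash arrives in the same server response
// as the download URL, so whoever controls the response controls both.
function checksum_ok(string $bytes, string $advertisedSha256): bool
{
    return hash_equals($advertisedSha256, hash('sha256', $bytes));
}

// Signature check: depends only on the pinned public key, not on the server.
function signature_ok(string $bytes, string $sig, string $publicKey): bool
{
    if (strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false; // missing or malformed signature: refuse to install
    }
    return sodium_crypto_sign_verify_detached($sig, $bytes, $publicKey);
}

// Three constructed update-server responses.
$responses = [
    'genuine'     => [$package, hash('sha256', $package), $signature],
    'substituted' => [$substituted, hash('sha256', $substituted), $signature],
    'unsigned'    => [$substituted, hash('sha256', $substituted), ''],
];

foreach ($responses as $label => [$bytes, $sha256, $sig]) {
    printf(
        "%-12s checksum=%s signature=%s install=%s\n",
        $label,
        checksum_ok($bytes, $sha256) ? 'ok' : 'FAIL',
        signature_ok($bytes, $sig, $pinnedKey) ? 'ok' : 'FAIL',
        signature_ok($bytes, $sig, $pinnedKey) ? 'yes' : 'no'
    );
}
```

All three responses pass the checksum test, because the server supplies both the file and its hash; only the genuine package passes the signature test.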

In Blogging is Murder, Connie starts out as a typical fan of the site, lulling Liz into a false sense of security. Liz has her blog comment feature set up to allow all comments to show up on her blog without monitoring from her. Once Connie starts posting weird stuff, she changes that feature so that all comments must be approved by her first. But after that, Connie ups the ante and finds a vulnerability in Liz’s site via WP and is able to get in and create her own admin privileges in the backend of the blog. She now has her own login and password and can edit, add or subtract any content from the blog. Which she does. She actually writes posts on the blog under Liz’s name, so it looks like Liz is writing the posts, undermining Liz’s reputation. Her overarching goal is to replace Liz altogether—she plans on pushing Liz out of her home, family and business because Connie believes she can do a better job of being wife, mother and solopreneur than Liz can.

Like most bloggers, Liz doesn’t pay careful enough attention to which themes and plugins need to be updated on her blog. She’s too busy trying to run her business. But old, “unpatched” themes and plugins are the perfect way for hackers to get inside a blog or website. They create a hole for the hackers to come through. Often when a theme or plugin company (including WP) sends out an update, it’s because they have been made aware of the possible threat, so they fix the issue. But if a blogger doesn’t update it immediately, hackers can get right in.

In the case discussed in the article, the WP host, api.wordpress.org, was at fault. It could have opened up thousands of sites to hackers, not just a few. But hackers are always looking for these opportunities. So, although Liz “invited” the hacker in because she wasn’t cybersecurity-conscious enough, it could easily have been something like this that allowed Connie access to the site so that she could hijack it.

Discover the truth about WordPress vulnerabilities and cyber-security in the action-packed cozy mystery, Blogging Is Murder: A Jade Blackwell Mystery by Gilian Baker, currently available for pre-order on Amazon here.
