Hackers generally like to attack WordPress sites, and thanks to a Check Point report, websites can now work out how the hackers operate as they attack WordPress websites.
After analyzing telemetry data which was received from its security products and perusing through various attacks that WordPress plugins encountered the security firm discovered that the cyber attackers generally liked to start with slow and low automated attacks. This is how they check for any known flaws in the system.
Check Point said after its analysis it managed to find out automated scripts which sent approximately five attacks per minute against several WordPress sites. The attacks were labelled as nothing more than POST and the GET requests. These requests checked whether the files and paths on the WordPress site were in any way vulnerable to payload exploits.
After this, the cyber attackers than just use the information they get from the discovery to start a security status report for the WordPress site. They do not exploit the site immediately but wait until they want to use the security data harvested at later points and compromise the site then. Check Point said that most of the time, the crooks were using the malicious redirects, which inadvertently send visitors to the site to exploit the kit landing pages.
The firm said that in most of the cases involved the attackers used the File Upload flaws to compromise the WordPress sites. In 24 percent of all detected attacks, this kind of attack was used. The rest are as follows: Cross Site Scripting (XSS) – 17 percent, SQL injection – 15 percent, and the Remote Code Execution – 11 percent.
Researchers at the security firm also revealed that attackers did not really care if the flaw was on the plugin or the theme as they just wanted to exploit something.
The most attacked plugin is Revolution Slider, which accounts for 48 percent of attacks. Second place was the WP Symposium and the Inboundio Marketing plugins tied at 6 percent each.
Theme wise, Check Point said the companies involved were plenty, and the statistics were not decisive. The company said the attacks were widely spread between Fusion, Infocus2, Awake, DejaVu, and the Construct themes.
Another security company, Sucuri also published data with relation to WordPress exploits together with information on the Web security. The company used different telemetry data.