Unveiling the Growing Threat | Compromised WordPress Sites

The Ever Increasing Rise Of Compromised WordPress Sites

There are several WordPress sites online which have become compromised and are now being used as sites to get your information AKA phishing sites. The sites oftentimes go after your credentials.

Straight from one of Google’s Transparency reports about the increase of unsafe websites in a recent post, a security company Sucuri stated how the number of sites used to phish credentials that have been detected in week has sky rocketed from only about 3,000 to more than 26,000 during 2014.

A correspondence email sent on Wednesday from Tony Perez the CEO of the security company said that the increasing numbers are in direct relation to the growth of certain website properties.

He stated that in the year of 2008 there was only a fraction of the sites which exist today and that the more sites which are established the more infections there will also be. Basically more websites means more infections. Another reason that the numbers are increasing is that there is an increase of CMS type applications lie WordPress, Joomla, and so many others.
Later Daniela Cid the CTO of Sucuri was the direct recipient of another scam email in which he was ordered to “Click Here” to sign and view another Google Document. After he looked through the email he noticed that it led to a WordPres site which was compromised with a hidden phishing site within it.

After further investigation he clicked on the link and was taking further to a very real looking site but was actually a fake login for Google. He wrote in the post and stated that the credentials where likely being logged by the attackers.
Phishing and scam pages like this exist everywhere and usually found within sub-folders of some type or kind. They are not typically linked from any of the main pages of the site but deeper interior pages. This makes them sometimes hard to find and detect. Cid later told SCMagazine that the victims of these sites will usually be tricked through the use of links with scam emails.

The bigger question was then asked, what’s going on with all of these sites in the first place and why are they being compromised?

The team put together a list of websites and used several different fake emails to login to pages for big websites like PayPal, FedEx Halifax, eBay, Alibaba, and several financial institutions. The pages where usually included within other pages which used the wp-includes or wp-content.

Further investigation and analysis showed that 73 % of all the sites which had phishing scams within them were the latest updated versions so it had nothing to do with sites running out of date software.

Even further investigation showed that there were an incredibly high percentage of websites which were running at risk plug-ins like contact forms. The post then explained that the doors were opened to remote command, and SQL injection as well as other various attacks.

WordPress sites are the most commonly at risk websites and are at risk more than any other type of site. They compose more than 23% of the market share making them the largest target as stated by Perez.

The two main aspects which are giving the biggest problems to the WordPress sites are the abuse of access control like poor passwords and usernames as well as other software risk.

Cid stated that anyone running a WordPress Site needs to be more serious about their security standards.
They literally clean out and work on hundreds of compromised websites each day and always see the same issues like low quality passwords and poor access control, no backup as well as the lack of standard security like firewalls.

For more WordPress related news follow our main blog at BjornWallman.com

We also recommend signing up for a managed WordPress service/support like WPMayDay.com that will scan and look after your website 24/7 for a low monthly cost.

blogs

The Ever Increasing Rise Of Compromised WordPress Sites

There are several WordPress sites online which have become compromised and are now being used as sites to get your information AKA phishing sites. The sites oftentimes go after your credentials.

Straight from one of Google’s Transparency reports about the increase of unsafe websites in a recent post, a security company Sucuri stated how the number of sites used to phish credentials that have been detected in week has sky rocketed from only about 3,000 to more than 26,000 during 2014.

A correspondence email sent on Wednesday from Tony Perez the CEO of the security company said that the increasing numbers are in direct relation to the growth of certain website properties.

He stated that in the year of 2008 there was only a fraction of the sites which exist today and that the more sites which are established the more infections there will also be. Basically more websites means more infections. Another reason that the numbers are increasing is that there is an increase of CMS type applications lie WordPress, Joomla, and so many others.
Later Daniela Cid the CTO of Sucuri was the direct recipient of another scam email in which he was ordered to “Click Here” to sign and view another Google Document. After he looked through the email he noticed that it led to a WordPres site which was compromised with a hidden phishing site within it.

After further investigation he clicked on the link and was taking further to a very real looking site but was actually a fake login for Google. He wrote in the post and stated that the credentials where likely being logged by the attackers.
Phishing and scam pages like this exist everywhere and usually found within sub-folders of some type or kind. They are not typically linked from any of the main pages of the site but deeper interior pages. This makes them sometimes hard to find and detect. Cid later told SCMagazine that the victims of these sites will usually be tricked through the use of links with scam emails.

The bigger question was then asked, what’s going on with all of these sites in the first place and why are they being compromised?

The team put together a list of websites and used several different fake emails to login to pages for big websites like PayPal, FedEx Halifax, eBay, Alibaba, and several financial institutions. The pages where usually included within other pages which used the wp-includes or wp-content.

Further investigation and analysis showed that 73 % of all the sites which had phishing scams within them were the latest updated versions so it had nothing to do with sites running out of date software.

Even further investigation showed that there were an incredibly high percentage of websites which were running at risk plug-ins like contact forms. The post then explained that the doors were opened to remote command, and SQL injection as well as other various attacks.

WordPress sites are the most commonly at risk websites and are at risk more than any other type of site. They compose more than 23% of the market share making them the largest target as stated by Perez.

The two main aspects which are giving the biggest problems to the WordPress sites are the abuse of access control like poor passwords and usernames as well as other software risk.

Cid stated that anyone running a WordPress Site needs to be more serious about their security standards.
They literally clean out and work on hundreds of compromised websites each day and always see the same issues like low quality passwords and poor access control, no backup as well as the lack of standard security like firewalls.

For more WordPress related news follow our main blog at BjornWallman.com

We also recommend signing up for a managed WordPress service/support like WPMayDay.com that will scan and look after your website 24/7 for a low monthly cost.

About the Author
Bjorn Wallman
As the CEO of Once Interactive, a highly regarded digital marketing agency, Bjorn possesses a deep understanding of the ever-evolving landscape of SEO. He has successfully guided numerous companies towards achieving higher search engine rankings, increased organic traffic, and improved online visibility.

categories