When it comes to open-source content management systems (CMS) like WordPress, hackers are not-so-secret admirers. And in this case, love conquers all. Or at least often.
These easy-to-use systems have quickly become popular among individuals and businesses alike. It's estimated that WordPress alone owns close to 61 percent of the CMS market share, followed by Joomla and Drupal respectively. Combined, they represent almost three-fourths of the CMS market.
But it’s also estimated that over 70 percent of WordPress sites are vulnerable.
The very nature of how a CMS works has always made it an appealing target for hackers of any skill set. With the use of plugins, modules and core frameworks, there's a plethora of entry points to exploit.
What is it that hackers look for and how do they exploit these systems? They typically find sites powered by specific systems simply by using Google to look for anything from old installations of the CMS to unpatched third-party plugins. Vulnerabilities are discovered almost daily for modules and plugins, as well as the frameworks or CMS core. Once a vulnerability has been publicly disclosed, it's just a matter of time before it's exploited. Hackers perform reconnaissance to identify unpatched plugins and frameworks. Then, they move in. The types of exploits range from remote code execution to cross-site scripting attacks.
Sounds easy, right?
Well, it kind of is. There are actually tools you can download to automate the entire process (often included in pen-testing distributions such as Kali Linux).
Here's what you can do to prevent your CMS from being hacked:
- Update and patch your CMS as well as plugins, modules, or any third-party software being used by the CMS.
- Use strong passwords for user accounts, and change them frequently.
- Use security plugins and consider using a Web Application Firewall (WAF).
- Consult a professional to audit and secure your site.
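One way to act on the first item for a WordPress site, as an added example that is not part of the original post: WP-CLI's `wp plugin list --format=json` reports each plugin's status and whether an update is available, and the script below turns that output into a patch list. The plugin names and the JSON sample are constructed for illustration.

```python
import json
import sys

# Constructed sample of `wp plugin list --format=json` output.
# Plugin names and versions are made up for this example.
SAMPLE = """[
  {"name": "example-forms",   "status": "active",   "update": "available", "version": "2.1.0"},
  {"name": "example-gallery", "status": "inactive", "update": "available", "version": "1.0.3"},
  {"name": "example-seo",     "status": "active",   "update": "none",      "version": "5.4.1"},
  {"name": "example-legacy",  "status": "inactive", "update": "none",      "version": "0.9"}
]"""


def audit_plugins(wp_json):
    """Return (needs_update, unused) plugin-name lists from WP-CLI JSON."""
    plugins = json.loads(wp_json)
    # Plugins with a published update that has not been applied yet.
    needs_update = sorted(
        p["name"] for p in plugins if p.get("update") == "available"
    )
    # Inactive plugins still have their code on the server; remove them
    # rather than leaving them installed and unmaintained.
    unused = sorted(
        p["name"] for p in plugins if p.get("status") == "inactive"
    )
    return needs_update, unused


def report(wp_json):
    """Build a short, human-readable summary of the audit."""
    needs_update, unused = audit_plugins(wp_json)
    lines = [f"UPDATE  {name}" for name in needs_update]
    lines += [f"REMOVE  {name} (inactive)" for name in unused]
    return "\n".join(lines) if lines else "No outdated or inactive plugins."


if __name__ == "__main__":
    # Pipe real output in:  wp plugin list --format=json | python audit.py
    # With no piped input, the constructed sample above is used instead.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(report(data))
```

Run on a schedule, a non-empty report is a simple signal that patching has fallen behind.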
Our team at OOHology takes every effort to ensure our sites are secure. If you have security questions about your site, no one loves talking shop more than our COO, Chuck Burke. Give him a shout.