Looking into Attacks and Techniques Used Against WordPress Sites



By David Fiser (Senior Cyber Threat Researcher)


WordPress is a well-known open-source content management system (CMS) used for creating websites and personal blogs. The CMS is estimated to be used by 39% of all websites today, which makes it an ideal target for threat actors. A weak point in the platform is all it takes to allow an attacker to break a website’s security — a risk compounded by security issues brought about by poor cybersecurity hygiene.


Attacks against CMS platforms are not news, but threat actors still find that attacking sites is an effective way to gain a foothold on organizations’ assets to use for malicious purposes. This blog post lists different kinds of attacks against WordPress, by way of payload examples we observed in the wild, and how attacks have used hacked admin access and API, Alfa-Shell deployment, and SEO poisoning to take advantage of vulnerable sites.


Attacking WordPress sites via hacked admin access


This method involves gaining administrator access to a WordPress-powered website. An attacker could exploit a vulnerability or simply log in with leaked or weak credentials by sending a POST request to /wp-login.php on the targeted website.



Figure 1. A sample of an attempt to log in with weak credentials



Figure 2. Passwords tested by attackers


After successfully logging in, an attacker with administrator access is presented with multiple ..
