Hacked Compromised WordPress Sites
What Hackers Do With Compromised WordPress Sites : wordfence.com
We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn’t any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site’s visitors can be monetized in various malicious ways. The web server can be used to run malicious software and host content and the reputation of the domain name and IP address can be leveraged.
Last month we ran a survey that included the following open ended question for people who reported that their site had been compromised:
What did the hackers do to your site?
We received a total of 873 responses that could be categorized, which we did by hand. The chart below reflects the results. Many of the responses described multiple categories, so the percentages on the chart below deliberately add up to greater than 100%.
We did not include categories for “installed backdoor” or “installed malware”. We consider that to be more of a means to an end. Instead we focused on answering the question, “what’s in it for the attacker?”.
As you can see from the chart there are a wide variety of things that attackers are doing with compromised WordPress sites. Let’s take a look at each of them, so we can better understand the motive behind the attacks that we are constantly defending against.
If you were of the opinion that your site couldn’t possibly be of interest to hackers, we hope that this post has changed your mind and given you some insight into their motives and methods.
Regardless of what you use your site for, how much traffic it gets or how inexpensive your hosting plan is, an attacker can figure out how to make use of it if they can break in. To learn about how attackers gain access to WordPress sites, check out our blog post from last month.