WordPress is one of the most commonly used content management systems. It is used on more than 30% of online websites and continues to grow. But this popularity also has a negative impact on the WordPress ecosystem. Hackers and third-party malicious actors look for good objects that WordPress can use maliciously after finding methods. It has been exposed on hundreds of websites, and there are unpatched vulnerabilities. This article will also learn how to navigate and fix possible word press vulnerabilities. Well, we can’t wait to start. SQL injection and URL hacking
Problem: one of the most common WordPress vulnerabilities includes SQL injection. WordPress is a server-side CMS using PHP. This means running the PHP script. All of these open up the possibility of URL hacking and SQL injection vulnerabilities. What to do? Just add a URL parameter and send it to the web site. WordPress works with parameters without proper approval. The whole idea of SQL injection is implemented around a method that modifies the URL, makes WordPress operate on it, and triggers specific operations from the server. For example, a hacker might expose database entries and control the word press dashboard. The
Solution: the good news is that it’s fairly easy to solve. On the server. Just find the htaccess file. Access rule files used by the Apache Web server. After completion, you must use the code mentioned below. This also prevents hackers from using SQL injection technology. Male open rewritebase\/rewritecond%{request\u method}^ (head|trace|delete|track) [nc]rewriterule^ (.*) $-[f, l]rewritecond%{query\u string}\\ [nc, or] rewritecond%{query\u string} boot\ In[nc, or]rewritecond%{query_string} label \ = [nc, or]rewritecond%{query_string}ft\: [nc, or]rewritecond%{query_string}http\:[nc, or]rewritecond%{query_string}http\:[nc, or]rewritecond%{query\u string}nc, or] rewritecond%{query\u string}base64\u encode** (.*\) [nc, or] rewritecond%{query\u string} ^* (\[\]\(\) \\\\\\\\\\\\\\\\\\\\\* [nc, or] rewritecond%{query_string} ^* (&\x22; |&\x27; |&\x3c; |&\x3e; |&\x5c; |&\x7b; |&\x7c;)* [nc, or] rewritecond%{query_string} ^* (%24&x)* [nc, or] rewritecond%{query_string} ^* (%0|%a|%b|%c|%d|%e|%f|127\.0)* [nc, or] rewritecond%{query_string} ^* (globals|encode|localhost|loopback)* [nc, or] rewritecond%{query_string} ^* (request option to insert joint statement)* [nc] rewritecond%{http\u cookie}! ^* WordPress_logged_in_*$ RewriteRule ^ (*) $– [f, l] male
Indifference college entrance examination login attempts problem: Brite fice login attempts are also popular among malicious actors. But this is word press
This is not a specific vulnerability, but a common attack on the WordPress website. In this attack, hackers try to access the WordPress administrator panel by guessing the user name and password. They use robots and automated scripts to make unlimited attempts. Their method is to try millions of times to show the combination. First, if the website is attacked by the college entrance examination, the speed will slow down. In addition, after the hacker obtains the credentials, he can fully control the website. The
Male solution: before the IP is shielded, you can limit the number of login attempts that the website can make, so as to stop indiscriminate login attempts. Although it can be performed manually, WP limit login attempts is recommended. In addition, strong passwords that mix letters, numbers, and symbols must be used. You can use the online password generator to get powerful passwords. Stored cross site script vulnerability: XSS vulnerability is an attack by hackers to directly inject code into applications. This is also a common attack. You will be surprised how WordPress is completely protected from attacks. Through exploit, hackers can access the word press editor and access all posts and topics. The
This is also a common attack to steal sensitive information from visitors. You can also use it to modify PHP code that connects to rce (to execute remote commands). Solution: the best solution is to keep WordPress up to date. Turn on automatic update. In most cases, WordPress installations without patches are vulnerable. In addition, WordPress update can also solve XSS attacks. Database table prefix problem: word press database tables come with a specific prefix. Starting with the prefix \
Solution: the solution for video is to change the prefix of the database. Can be performed during installation. If you are not sure about this method, it is recommended that you check the online tutorial on this topic or consult a WordPress expert. You can also use plug-ins such as ithemes security plugin to protect websites from such vulnerabilities. Default administrator account vulnerability: when setting up the WordPress website for the first time. Create a default administrator account with the user name \
Solution: the solution is simple. You must create another user with administrator privileges. When finished, you must delete the \
Solution: the vulnerability can be resolved by disabling access to the directory list plug-in. You can do this using the catalog list plug-in. In addition. You can also add code to htaccess and prevent sensitive file leaks. To do this, simply add the following code: Male rewriteengine opens rewritecond%{request_uri}^ (.*)? WP login\ PHP (*. *) $[or]rewritecond%{request\u uri}^
