How attackers slip inside WordPress
Press Alert

WordPress is an incredibly popular tool for building websites, and don't think the attackers haven't noticed. We'll show you what to watch for.
According to the WordPress website, a staggering 42 percent of the World Wide Web runs on WordPress software. It is not difficult to see why the huge number of WordPress websites around the world is a major draw for attackers. Discovering a WordPress bug allows the attacker to repeat the process hundreds of times. In some cases, they can even automate the process for a rinse-and-repeat attack which could be a real danger for millions of website owners.
This article looks at some of the techniques an attacker can use to gain shell access to a server that is running WordPress. Once they've attained shell access, the attacker can use standard privilege escalation techniques to take full control of the machine.
Pen testers have many ways to describe the structure of an Internet attack (sometimes with seven phases or more), but I prefer to keep things simple. The process starts with an Enumeration phase, where the attacker learns about the components of the target system. Next is an Exploitation phase, which is focused on gaining shell access. I think of the last phase as the Post Exploitation phase, where attackers set up persistence for future access and then start enumerating other resources that the compromised target has access to in order to move around the infrastructure.
[...]
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
2024 Open Source Professionals Job Survey Now Open
Share your expectations regarding open source jobs.
-
Arch Linux 2023.12.01 Released with a Much-Improved Installer
If you've ever wanted to install Arch Linux, now is your time. With the latest release, the archinstall script vastly simplifies the process.
-
Zorin OS 17 Beta Available for Testing
The upcoming version of Zorin OS includes plenty of improvements to take your PC to a whole new level of user-friendliness.
-
Red Hat Migrates RHEL from Xorg to Wayland
If you've been wondering when Xorg will finally be a thing of the past, wonder no more, as Red Hat has made it clear.
-
PipeWire 1.0 Officially Released
PipeWire was created to take the place of the oft-troubled PulseAudio and has finally reached the 1.0 status as a major update with plenty of improvements and the usual bug fixes.
-
Rocky Linux 9.3 Available for Download
The latest version of the RHEL alternative is now available and brings back cloud and container images for ppc64le along with plenty of new features and fixes.
-
Ubuntu Budgie Shifts How to Tackle Wayland
Ubuntu Budgie has yet to make the switch to Wayland but with a change in approaches, they're finally on track to making it happen.
-
TUXEDO's New Ultraportable Linux Workstation Released
The TUXEDO Pulse 14 blends portability with power, thanks to the AMD Ryzen 7 7840HS CPU.
-
AlmaLinux Will No Longer Be "Just Another RHEL Clone"
With the release of AlmaLinux 9.3, the distribution will be built entirely from upstream sources.
-
elementary OS 8 Has a Big Surprise in Store
When elementary OS 8 finally arrives, it will not only be based on Ubuntu 24.04 but it will also default to Wayland for better performance and security.