Common Attacks on WordPress Sites 101: Backdoors
Removing malware from your website and getting rid of hacks is a painstaking process. When you’re a website owner whose site has been hacked, your online reputation takes a hit. It’s only more distressing when you keep getting hacked. The reason behind this, most of the time, is a ‘backdoor’.
A backdoor is easiest to explain by comparing it to something we could call a “spare-key situation”.
Suppose you had a spare key to your house, but you dropped it somewhere on your street. Someone creepy has found it, and unfortunately for you, this person also knows exactly where you live. Of course, you don’t know about it, but you notice changes at home.
Whether all the furniture in your house is gone, or whether the sofa is always a little warmer in the morning, depends entirely on what this person with the spare key is doing in your house. This means that unless you change your locks or employ other security measures, this stranger has full access to your home and will keep coming back.
Hackers also do something similar when they hack WordPress sites.
When a hacker exploits a vulnerability and hacks a site, they want to be able to enter it again in the future, without needing to put in the effort again. This becomes difficult, though, if the site owner closes the vulnerability by updating the exploitable theme/plugin. That is why hackers leave behind code called backdoors on the site. This way, even if the vulnerability is fixed, the backdoor remains. Backdoors are inconspicuous because the longer they stay hidden, the longer the attacker has a way to get back in.
Backdoors can give hackers complete control over a site through arbitrary code execution. One of the most common backdoors is ‘Filesman’. Since it’s feature-rich, it allows hackers to perform a variety of functions. However, there are others too, which might be just three or four words of code, but prove to be equally dangerous.
A lot of the time, backdoors are disguised as WordPress files and are hidden by the hacker in a place only they know. You, as an admin, could find the file only if you combed through all the WordPress files. This is especially difficult because backdoors can go in so many different places.
Here are a few places backdoors are usually hidden on your WordPress site:
- In core WordPress folders: Adding a new file to, or modifying an existing file in, a core WordPress folder (e.g. wp-includes, wp-admin or wp-content) can easily go unnoticed. This is especially true of the wp-includes folder, since it contains every file ever included in the site. This is why we noticed a lot of backdoors here.
- In new, innocent-looking folders: Hackers could add hack files to new folders that look completely innocuous, like ./images/
- Plugins and Themes: Not many people bother to check these folders after the plugins/themes have been installed. This makes these folders a perfect target. Moreover, a lot of plugins have their own vulnerabilities. Another way hackers install backdoors is by adding a new plugin to the site that looks normal but is actually malware.
Just to give you a general idea, this is how you identify a backdoor (that looks like a plugin file):
These backdoors are sneaky. A number of malware scanners can pass them off as legitimate files because of the way they’re named. This is why it’s so difficult to identify backdoors.
Backdoors are especially infuriating because sometimes hackers choose to leave more than one of them, in many locations. So even if one was discovered, there would be another way in.
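The hiding places listed above (new or modified files in core folders, PHP files in innocent-looking folders such as ./images/) can be checked by comparing the live site against a clean copy of the same WordPress version. The Python script below is an added example, not code from the original article; the function names, the MEDIA_DIRS folder list and the sample file names are assumptions constructed for illustration.

```python
import hashlib, tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")   # core folders named in the article
MEDIA_DIRS = {"images", "uploads"}        # assumption: folders that should hold media only
PHP_EXTS = {".php", ".phtml", ".phar"}

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(clean_root):
    """Relative path -> hash for core files in a known-good copy of the same version."""
    root = Path(clean_root)
    return {p.relative_to(root).as_posix(): sha256(p)
            for d in CORE_DIRS for p in (root / d).rglob("*") if p.is_file()}

def audit(site_root, baseline):
    """Return sorted (finding, relative path) pairs for the live site."""
    root, findings = Path(site_root), []
    for p in (q for q in root.rglob("*") if q.is_file()):
        rel = p.relative_to(root).as_posix()
        parts = rel.split("/")
        if parts[0] in CORE_DIRS:
            if rel not in baseline:                  # file the clean copy does not have
                findings.append(("added-core-file", rel))
            elif sha256(p) != baseline[rel]:         # same name, different content
                findings.append(("modified-core-file", rel))
        elif p.suffix.lower() in PHP_EXTS and MEDIA_DIRS & set(parts[:-1]):
            findings.append(("php-in-media-folder", rel))
    return sorted(findings)

def write_tree(root, files):
    for rel, text in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def demo():
    """Audit a constructed tampered tree against a constructed clean tree."""
    clean = {"wp-includes/version.php": "<?php // v", "wp-admin/index.php": "<?php // a"}
    live = {**clean, "wp-includes/version.php": "<?php // v, edited",
            "wp-includes/class-wp-cache-old.php": "<?php // constructed placeholder",
            "images/thumb.php": "<?php // constructed placeholder", "images/logo.png": "x"}
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_tree(a, clean)
        write_tree(b, live)
        return audit(b, build_baseline(a))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real site, WP-CLI's `wp core verify-checksums` performs the core-file comparison against the official checksums. Plugin and theme folders need a baseline taken from a clean download of each installed version.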
Accurate, efficient scanning and hack removal require time and technical assistance (which is usually expensive). If you’d like to test the only one-click, automated hack-cleaner that misses nothing, and sounds no false alarms, we suggest that you try MalCare, for free.