Relying on Data to Mitigate the Risk of WordPress Website Hijacking

One of the most common techniques cybercriminals use to deliver phishing and malware to unsuspecting users is compromising legitimate websites, including those hosted on WordPress, to host their own malicious content for free.

The URLs of compromised websites used for phishing attacks reach users via spam emails, allowing security experts to keep track of their volume. In 2016, according to an Anti-Phishing Working Group (APWG) report, phishing attack campaigns shattered all previous years' records, which the organization began tracking in 2004. The report revealed that phishing websites peaked at 158,988 in the month of April 2016, a large number of attacks that continues to grow year over year. Once hijacked, the same page can be used to serve malware.

There are ways to protect users from email-borne attacks, but to keep the internet safer from those who perpetrate them, we have to cut the supply chain even earlier. On the vendor side, faster detection can ensure that affected websites are flagged in time to prevent users from reaching them, thus foiling the attacker's plans. On the website side, administrators need to prioritize applying basic security practices to keep their websites safer, and users need to stay cautious about opening unsolicited email and accessing the links or attachments they receive in it.


Popularity Attracts Both Good and Bad

When it comes to picking platforms, cybercriminals usually opt for those that cover more ground. That is why the Windows operating system is a prime target for malware, and the Android OS is targeted by over 95 percent of all mobile malware. Following that same logic, the WordPress (WP) platform is one of the most popular content management systems (CMS) on the internet, holding close to 59 percent of the market share. Therefore, it is frequently targeted by fraudsters.

The platform is free to use, open source, and based on PHP and MySQL. WordPress is installed on a web server and can be used as part of a hosting service or directly on a network host, which makes it the choice of many website builders. The sheer number of WordPress-based sites makes them natural targets for spammers and cybercriminals who compromise legitimate websites to freely host their own malicious content. And since so many websites are based on the same code, finding just one vulnerability can mean compromising the lot of them, a practice that black-hat hackers apply to any type of platform.

 


To maintain the platform's security in the face of such threats, the WP community has been actively updating the code base to keep both users and websites safe. Since its first release in May 2003, there have been 238 releases, many of which addressed security problems or vulnerabilities.

The most recent security update, v4.7.3, was released on March 6, 2017, adding further fixes and protection to the existing distribution. But our data indicates that website developers are slow to update, which can increase a website's exposure to old vulnerabilities.

IBM X-Force used data from its web crawlers to log different websites with an indication of which code version they were using. Our data showed that a number of the dated WP versions are still in wide use.
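For administrators who want the same kind of view over their own sites, the following added example (not IBM X-Force's crawler, and not code from the original article) classifies pages by the WordPress version they advertise. It assumes the version is read from the `<meta name="generator">` tag that WordPress emits by default; the host names and HTML are constructed samples, and the baseline is the v4.7.3 release named above.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# v4.7.3 is the latest security release named in the article; update for real use.
BASELINE = (4, 7, 3)

class GeneratorParser(HTMLParser):
    """Collects content values of <meta name="generator"> tags."""
    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "meta" and attr.get("name", "").lower() == "generator":
            self.generators.append(attr.get("content", "").strip())

def wordpress_version(html):
    """Return the advertised WordPress version as a 3-tuple, or None."""
    parser = GeneratorParser()
    parser.feed(html)
    for content in parser.generators:
        m = re.fullmatch(r"WordPress (\d+(?:\.\d+){1,2})", content)
        if m:
            parts = [int(p) for p in m.group(1).split(".")]
            return tuple(parts + [0] * (3 - len(parts)))  # "4.2" -> (4, 2, 0)
    return None

def audit(pages):
    """Classify each site and tally the versions seen."""
    report, tally = {}, Counter()
    for site, html in pages.items():
        version = wordpress_version(html)
        if version is None:
            report[site] = "unknown"  # tag stripped, or not WordPress
            continue
        report[site] = "outdated" if version < BASELINE else "current"
        tally[".".join(map(str, version))] += 1
    return report, tally

# Constructed sample pages (hypothetical hosts), embedded so this runs offline.
SAMPLE_PAGES = {
    "blog.example": '<head><meta name="generator" content="WordPress 4.7.3" /></head>',
    "shop.example": '<head><META NAME="Generator" CONTENT="WordPress 4.2"></head>',
    "news.example": '<head><meta name="generator" content="WordPress 3.9.1"></head>',
    "static.example": "<head><title>No CMS banner</title></head>",
}
```

An "unknown" result only means the page does not advertise a version; it says nothing about whether the site is patched, so those hosts still need to be checked through the admin dashboard or deployment records.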