
WordPress Security Improvement “Plugin Vulnerability”

One of the most commonly used methods for hacking WordPress is to exploit plug-in vulnerabilities.

In this article, we will explain the most serious vulnerability, an arbitrary file upload vulnerability, and how to prevent it.

Risks of file upload vulnerabilities and what can be done

All WordPress plug-ins that can be downloaded from the official website are distributed under a free license called the GPL, so anyone can read their source code.
Plug-in vulnerabilities continue to be discovered by people, including security companies and various hackers, and are shared online.
If a plug-in with many users has a vulnerability that allows files to be uploaded from outside, it becomes a good target for hackers.
And the fact is that plug-ins containing such vulnerabilities continue to be used on many sites.

Also, vulnerabilities that have not yet been shared in public are called 0-day vulnerabilities, and are sometimes traded at a high price in the hacker community.

For example, if the following code is included somewhere in the plug-in, a hacker can upload any program file to the server. (In practice the code is more complicated; it has been simplified here.)

if(isset($_POST['setting']) && isset($_POST['filename'])){
    $file = $_POST['filename'];
    file_put_contents($file, $_POST['setting']);
}

This code has multiple vulnerabilities: it does not check the received data for validity, it runs independently of other WordPress functions, and it does not escape illegal strings.
A programmer can leave code like this somewhere through a simple mistake.
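
The same handler with those gaps closed, as an added example that is not from the original article or from any real plug-in: it runs only through WordPress's permission and nonce checks and accepts only an allow-listed file name. The "myplugin_" names, the "myplugin-settings" folder and the .json/.txt allow-list are assumptions.

```php
<?php
// Added example, not a real plug-in's code. The 'myplugin_' names, the
// 'myplugin-settings' folder and the .json/.txt allow-list are assumptions.

// Map a client-supplied name to a path inside $base_dir, or return null.
function myplugin_safe_settings_path(string $base_dir, string $name): ?string {
    // Allow-list: a plain file name with a non-executable extension only.
    // This rejects '../', '/', '\', null bytes, dotfiles and '.php'.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(json|txt)\z/', $name)) {
        return null;
    }
    return rtrim($base_dir, '/') . '/' . $name;
}

// Hardened handler: runs only through WordPress, for an administrator,
// with a valid nonce, and writes only inside one fixed folder.
function myplugin_save_setting(): void {
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden', '', array('response' => 403));
    }
    check_admin_referer('myplugin_save_setting'); // dies on a bad or missing nonce

    if (!isset($_POST['setting'], $_POST['filename'])
        || !is_string($_POST['setting']) || !is_string($_POST['filename'])) {
        wp_die('Bad request', '', array('response' => 400));
    }
    $uploads = wp_upload_dir();
    $dir  = $uploads['basedir'] . '/myplugin-settings';
    $path = myplugin_safe_settings_path($dir, wp_unslash($_POST['filename']));
    if ($path === null || !wp_mkdir_p($dir)) {
        wp_die('Invalid file name', '', array('response' => 400));
    }
    file_put_contents($path, wp_unslash($_POST['setting']), LOCK_EX);
    wp_safe_redirect(admin_url());
    exit;
}

if (function_exists('add_action')) {
    // Inside WordPress: reachable only via wp-admin/admin-post.php when logged in.
    add_action('admin_post_myplugin_save_setting', 'myplugin_save_setting');
} elseif (PHP_SAPI === 'cli') {
    // Stand-alone check from the command line with constructed inputs.
    foreach (array('options.json', '../wp-config.php', 'shell.php', 'a.json.php') as $n) {
        var_dump(myplugin_safe_settings_path('/tmp/myplugin-settings', $n));
    }
}
```

When the file is requested directly over the web, neither branch at the bottom runs, so the handler cannot be reached without WordPress loading it.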

A file upload vulnerability could allow hackers to do the following as malicious activity on the server:

● Output the contents of wp-config.php as text and read database information
● Browse the database to increase the number of users, or change the passwords of users with existing administrator privileges
● Install a spam mail distribution program
● Embed cryptocurrency mining code
● Embed code that redirects users to another site
● Embed virus delivery code

etc.

With one such vulnerability, everything you can do with WordPress falls into the hacker's hands.

How to prevent plug-in vulnerabilities from being used by hackers?

1 Check for plugin vulnerabilities

Check your site for plug-in vulnerabilities. Search for your plug-in, or check if a vulnerable plug-in is used with our WordPress Doctor Malware Scan & Security Plug-in.

2 Hide plugin version

Hackers investigate vulnerabilities by checking which plug-ins are used and their versions.
WordPress Doctor Malware Scan & Security Plug-in can hide WordPress and plug-in versions. Please use it.

3 Disable output of index list

If a folder does not contain an index file, the server automatically generates and outputs a list of the files contained in that folder.
This is dangerous because search engines pick up the list, including the paths in the folder, and if a hacker searches for a specific character string, the site appears in the search results.

Hackers use this technique to find targets to attack. (This method is called a Dork.)
You can prohibit the output of the index list with WordPress Doctor Malware Scan & Security Plug-in.

4 Check for unauthorized files or code uploaded to your server

The code uploaded by hackers is obfuscated, but because the same hacking is carried out on multiple sites, the code has some commonality.

WordPress Doctor Malware Scan & Security Plug-in constantly updates these common codes in the database and can detect the latest malware code patterns.

There is also a function that scans automatically at night, so if malicious code is uploaded, it can be detected within 24 hours.

5 Remove unused plug-ins

In some plug-ins, vulnerabilities can be exploited by accessing the plug-in's files directly, even if the plug-in is not enabled.
You can reduce the risk of hacking by updating plug-ins that are not enabled, or by removing them if they are not used.

6 Update the plug-in

We recommend that you update your plug-ins as often as possible. The latest versions may have resolved their vulnerabilities, and may have no vulnerabilities discovered yet.