WordPress powers 30% of the web and is by far the largest content management system (CMS). It’s easy-to-use and fans that range from regular users to developers. However, popularity breeds exposure.
When users adopt a platform, that means there is an opportunity—opportunities for hackers. Because so many businesses and individuals use it, it’s very attractive to hackers. A study looked at over 11,000 infected websites and found 75% were WordPress sites, which is an indication of its vulnerabilities but also their market share. Most of these infections probably started with phishing.
So, how does a CMS that’s so prevalent has so many vulnerabilities? It’s not the platform itself that creates much of these weak spots. Much of the activity in breaching these sites is via plug-ins. Plug-ins are convenient and connect systems and allow them to communicate. But not every plug-in has the same security protocols. It only takes one weak link for hackers to find a way into the application.
It’s not like WordPress didn’t foresee that risk would only increase. Their founder talked about it way back in 2007. Moreover, as the web has grown, no housing billions of websites, the spam that a WordPress site must thwart grows. WordPress sites over 82,000 more spam incidents an hour than they did a decade before.
There are two ways in which phishing can impact WordPress users. First, your site can be set can be compromised in two ways: hackers are using your WordPress site to lure in others, or administrators receive phishing emails.
Phishing’s objective is to obtain sensitive information. It starts with some type of communication with links. It looks legitimate, but that one click is all it takes for the “hook” to work. Where that link goes is to an infected page, one that could be (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Beth Osborne. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/U9VbJqjq94g/