What Hackers Do with Compromised WordPress Sites
We often talk to site owners who are surprised that their sites are targeted by attackers. Data is not the only thing of value: a compromised site’s visitors can be monetized in various malicious ways, the web server can be used to run malicious software and host content, and the reputation of the domain name and IP address can be leveraged.
Surprisingly, data theft accounts for only 1.1% of all hacker attacks reported.
In some cases, hackers replace your content with their own. The attacker is doing absolutely nothing to obscure what they have done, so anyone who visits the site immediately knows that you’ve been hacked.
In other cases the attackers just destroy your site in some way, taking it offline. Based on what we see when performing forensic research on hacked sites, in the majority of these cases, the attacker just screwed up what they were doing and accidentally took your site down.
There are a number of ways attackers can leverage your website to improve their search engine rankings. The first is to simply host pages on your domain, accruing the benefits of your Domain Authority and clean reputation.
Malicious redirects are an incredibly effective way for attackers to funnel traffic to malicious websites. The unsuspecting user doesn’t have to click on a hyperlink or advertisement for it to work; they are taken there directly. Sometimes the attacker will take a very aggressive approach, redirecting all traffic to a malicious site or sites. But in many cases, the attackers will employ measures to avoid detection, such as only redirecting some URL requests, and in some cases only activating the redirect for specific browsers or device types.
The motive here is simply to drive traffic to their malicious content.
Phishing pages attempt to fool the visitor into providing sensitive information. In some cases, they impersonate a bank or retailer and try to get you to give them valuable information like credit card numbers directly. In others, they try to capture your username and password to various sites, including your WordPress site if you’re not careful.
We think the main reason data theft makes up such a small share is that the majority of WordPress sites do not store sensitive data beyond user credentials for that site and maybe email addresses. It would also be very difficult for the owner of a hacked site to detect data theft if it occurred, so the numbers are likely understated.
Hosting malicious content is also something that web servers are very often used for. Hackers may use your web server to host malicious files that they can call from other servers. They are essentially quietly using your hosting account as a file server. The attacker gets to store their files free of charge on a server with a domain and IP address that have a squeaky clean reputation.
If you were of the opinion that your site couldn’t possibly be of interest to hackers, we hope that this post has changed your mind and given you some insight into their motives and methods.