[ad_1]
[ad_2]
I get quite a few Increased attacks on my wordpress sites and I have to wonder, aside from why these idiots even waste their time trying to hack website when they could be making money – but I digress!
Anyway, why bother? What is there to gain from hacking a wordpress site other than it's easier than a full blown commercially hosted site.
Thoughts?
It boggles the mind
They can use your host to serve their phishing pages or redirect traffic.
it’s all automated, they aren’t wasting anymore time on your website than on any other site.
Yeah, WordFence tells you about every boring little script-kiddie attempt. That can be a little alarming until you realize they’re just meaningless. I’ve been getting this stuff since the late 1990s, for real. Ignore this stuff. And keep your site updated, they’re looking for really old sites with vulnerabilities.
The script kiddies have grown up and raised their own script kiddies.
Cybercreeps suck. And unfortunately WordFence logs every tiny thing. 733t hackers they are not.
Actually that’s the attacking procedure. They will scan all our pages / URLs / endpoints and try to find out possible & known security issues.
Most time, we all neglect some thing & they use it as a back door to attack the site.
They don’t need to know the tools & other security settings in your server / website. It’s all automated & every day, they continue same procedure in multiple applications.
good password, disable xmlrc, updated theme and plugins and (if you have root ssh access) fail2bn and let them play their games in vain
It’s not all malicious you know, white hat “hackers” probe for vulnerabilities as well and it’s all automated.
Usually they target WordPress sites because they’re common, often easy to exploit.
The short answer is that *if* you can compromise a site you can basically gain access to a fully functioning server slice.
Some of us old timers remember the big report back around 2012-2013 where a single server in Russian-controlled Crimea was attacking 30,000 WordPress websites an hour. Security experts said hackers had realized that a) Windows security was really cranking up and b) a slice of a shared hosting account was more powerful than the previous hacker workhorse, the average Windows 95 home PC.
As for why they bother, if one machine can attack thousands of sites an hour it’s obviously no bother at all, right? You just need an old PC (or even a compromised WordPress site!) and a simple script. And therefore it wouldn’t be bother that many or even most are secure because the typical exploits they try tend to be primitive attacks that would only break through to the most neglected, poorly-managed, amateur, or outright abandoned sites.
Which, of course, are the best sites for a hacker to infect. They actually don’t want into your WordPress site, or mine, our our client’s sites, because *we’re* paying attention.
So anyway, yeah, nothing personal about your site. And while it might be a long shot, *if* they can break in it’s a ton of free, network-connected processing power they can use to run their next exploits.