.

.

Sunday, May 28, 2017

Roshan Thpa

Finding and Fixing a Backdoor in a Hacked WordPress Site

    No comments :

wordpress%20security%20questions banner Finding and Fixing a Backdoor in a Hacked WordPress Site

What is a Backdoor?

First, let us be on the same page on what is a Backdoor. This is a method a hacker uses to bypass normal authentication in a website so that he can be able to access the server, while in the process, he remains undetected. This is what most smart hackers do by first uploading the backdoor, so even if you remove the breached plugin, the hacker can still regain access. Worse still is even if you do an upgrade, the backdoor will still remain, making your site vulnerable to hacking. Until when you clean the mess for good, the system is still vulnerable to hacking. How do you clean up the mess for good?

How a Hacker uses a Backdoor to Exploit your System

A back door allows a hacker to create hidden admin username so he/she can access the system. On the other hand, a more complex backdoor allows the hacker to run any PHP code send from the browser. Things get worse with a backdoor that features a full fledged user interface that allows a hacker to send emails that make one think they are coming from the server, run SQL queries and any other thing a hacker might think of. A hacker exploits a system by installing a backdoor in themes, plugins, uploads directory, Includes Folder, and wp-config.php.  Hackers install the backdoor in old and inactive themes so it can survive updates. People don’t upgrade plugins often and some plugins are coded poorly; this makes plugins a potential place for a hacker to hide a backdoor. How to hack a WordPress site shows you how hackers do this normally and this guide is for developers so they can be careful to install a plugin or upgrade a plugin.

How to Clean Up Backdoor for Good

In most cases, backdoors are disguised to resemble a WordPress file. Check the wp-includes folder; a wp-user.php is a backdoor since it doesn’t exist in the normal install, only user.php exists but not wp-user.php.  In the uploads folder a file named hello.php is a backdoor disguised as the Hello Dolly plugin. It can also use names like wp-content.old.tmp, php5.php or data.php; it doesn’t mean that because it has a PHP code in it that it has to end with php. It can even be a .zip file. Encoded with base64 code to perform all manner of hacking operations including redirecting the main page to spammy sites, adding additional pages, and adding spam links
The good news is the current version of WordPress (version 3.4.2) has no known vulnerabilities. Therefore another way of defeat backdoors is by upgrading to the latest version of WordPress at hand.

Roshan Thpa

About Roshan Thpa -

Roshan Kumar Thapa is veteran keen tech-savvy person which has enabled him to qualify for the job. He has knowledge in wide range of IT fields. He is highly trained and skilled in Graphic design, Tally, A+ hardware and networking, AutoCAD, Web Design/Development, Application Development, Video editing, Q-Basic and had good knowledge of C, C++, C# and Java programming. He keeps a keen interest in information technology and loves to keep himself updated through news, magazines, books, and blogs. He likes to learn and share his knowledge. He also runs a blog where he posts updates about the latest advancements in technology and his own teachings as well.

Subscribe to this Blog via Email :

© Copyright 2015 IT WITH ROSHAN . Designed by Roshan Kumar Thapa | Distributed By Thapa Communication . Powered by Blogger .