WordPress is the most common web platform around. The company claims it is used on 38% of the web sites in the world! Originally just a platform for small bloggers, WordPress has turned into the number one way for small businesses, bloggers and even large sites like TechCrunch, Disney, and Sony Music to power their sites. Even ScamTracker is a WordPress site!
So what happens when a platform becomes so popular? It becomes a target for scammers! WordPress has a limited number of features, and webmasters can add new functionality by adding things called plugins. These are bits of software written by third-party coders that add things like contact forms, maps, and design features. They also allow connections to social media platforms and other feeds. But with all these plugins come security holes.
Many small businesses pay companies to build them a web site and once it’s running, that’s how it stays…for years! The patches necessary to keep WordPress and the plugins secure aren’t being applied. Over time, these sites become ripe for hackers. The hackers run bots that look for known security holes and then run scripts to automatically exploit them when they are found. What they can do with the hacked sites will be the subject of a lot of articles here on ScamTracker.
But first, the important thing is to know that just because you are looking at a site for a local business, school, church…or whatever…it’s still the Internet. You have to keep up your defenses! Never submit ANY information to a site that you would not want public. We recently found thousands of hacked sites for places such as University of Pittsburgh, Santander Bank, and the National Solar Observatory. All of these sites were hacked for use in a scam to steal traffic from Google, so the sites looked the same to most people. But if they had wanted, the hackers could have used these sites to steal user data.
Ironically, as of this writing, at least one of those sites is still infected with malware. But because the sites look the same most of the time, getting the site admins to fix them is difficult. Even when you explain exactly how to spot the hack! So stay vigilant! We’ll be back with Part II to tell you more about WordPress hacks, specific sites that are hacked, what hackers are using them for, and maybe even to identify some hackers!