Security of WordPress sites
Using components with known Security of WordPress sites flaws is a major factor that allows malicious attackers to infiltrate systems and servers. This weakness is reflected a lot in popular cms platforms like WordPress. Managing open source systems of this type, requires regular maintenance, proficiency in the various components, and of course in their adaptation and assimilation into the system. When one of the components is out of date the malicious hacker is not required to think and reinvent the wheel he is simply exploiting a weakness that already exists and is exposed to the general public, it is not required in sophistication or creativity but in average technical understanding and access to appropriate information.
Plugins
During the robustness test, we used several different scanning tools to examine outdated components and weaknesses that could be exploited later in the test. Among the components found there were a significant number of plugins / templates in outdated versions, these plugins constitute a serious security breach, since at the beginning of the test we were allowed to read sensitive files on the server and examine the settings in the site’s WP-CONFIG file. A known vulnerability has been identified in the “Advanced-access-manager” add-on (version 5.4.3.1) which does not perform sufficient checks on the permissions of the user requesting to read the file.
Using the NMAP tool and the enumeration script – “http-wordpress-enum”, revealed many details about the various components on the site and their versions.
Command:
nmap -p 33480 -sV –script http-wordpress-enum –script-args search-limit=10000 3.120.144.6
The following is the output of the components found and their versions:
|plugins
| akismet
| advanced-access-manager 5.4.3.1 | Vulnerability = Arbitrary File Access/Download
| wpforms-lite
| one-click-demo-import 2.5.1
| category-icons 2.2.3
| plainview-activity-monitor
| 360-product-rotation
| pretty-rev-slider 1.0
| themes
| twentysixteen 1.8
| twentyseventeen 2.0
|_astra 1.6.8
Using the WP-SCAN tool also revealed important information, including the version of Wordpres used.
Pictures for illustration and the course of the test
Scan using Nmap
Scan using WP-SCAN
Utilizing vulnerability in the extension – Advanced-access-manager and reading the wp-config file from the server
Recommendations for repair
Regular updates to all components of the site must be made in a controlled and consistent manner.
Do not download plugins or templates from unreliable sources – (it is better to use plugins / templates for the site from the official library).
Plugins that are not necessary should be removed, apart from the fact that a load of plugins may even create conflicts and disrupt the proper operation of the site, it is very difficult to track and update so many factors frequently.
