Introduction
Every day thousands of websites get hacked, and about one-third of those sites are based on popular CMS (Content Management System) applications like WordPress, Joomla!, Drupal or Magento. The most popular CMS is, of course, WordPress, which is used on over 60% of all CMS-based websites. Since CloudAccess.net specializes in the hosting of CMS applications (Joomla! and WordPress), we deal with hacked sites on a daily basis.
From our experience, most of those sites get compromised because of the outdated software they use. Since it’s easier than ever to build your own site using CMS applications, more and more people have started doing that, but in many cases without a deep knowledge of internet security and the threats that await there. A lot of the time, people think that it’s enough to install the software, add some content and voila, the site is ready and won't need any further attention. However, it's actually quite the opposite.
Not only should the administrator keep the core software updated, but also the third-party extensions/plugins/templates. They extend the default functionality, but at the same time they can be used as a backdoor by hackers, even when disabled, since the files/scripts are still inside your site directories. While the core software is regularly updated and security issues are quickly patched, that’s not always the case with third parties. You need to choose carefully which extensions/plugins to install, and research their history, user base, and regularity of updates before deciding to use them on your site.
How it’s done
There are a lot of ways a site can get compromised, but since the majority of infections are related to outdated web application software, let's focus on how those are targeted.
Since WordPress is the most popular CMS, we’ll take it as an example. It’s possible to remotely scan a WordPress site using command line tools like WPScan and get information about not only the core CMS version but also the installed third-party plugins. Then it’s really easy to find what can be exploited and used to gain complete control of the site. Such hacked sites can then be used for all sorts of malicious activities like spam abuse, phishing, crypto mining or as part of a botnet.
There are also other methods of gathering information on what software is installed, one of which is search engine queries like this one: http://domain.com/wp-content/plugins
On a poorly secured site, this could lead to the disclosure of what plugins are installed and help a hacker get an idea of what could be targeted and exploited.
Another method of finding a security hole is simply by checking the site's source code. In many cases, the source code can disclose what CMS and plugins are used.
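To see what your own site gives away in the two ways described above, here is a small audit script, added as an illustration and not part of CloudAccess.net's tooling. It reads a page's HTML and lists the CMS generator tag and every plugin/theme path and version string it exposes, and it recognizes a directory listing of the plugins folder; the sample markup, plugin names and version numbers are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample markup (not from a real site); slugs and versions are made up.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.0.1">
<link rel="stylesheet" href="/wp-content/plugins/example-gallery/css/style.css?ver=1.2.3">
<script src="/wp-content/plugins/example-forms/js/app.js?ver=4.0"></script>
<script src="/wp-content/plugins/example-forms/js/extra.js"></script>
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css?ver=2.1">
</head><body>Hello</body></html>"""
# Constructed sample of what a server returns when directory indexing is left on.
SAMPLE_LISTING = "<html><head><title>Index of /wp-content/plugins</title></head></html>"

ASSET_PATH = re.compile(r"/wp-content/(plugins|themes)/([^/]+)/")

class DisclosureAudit(HTMLParser):
    """Collects what a page's markup reveals about the CMS and its add-ons."""
    def __init__(self):
        super().__init__()
        self.generator = None
        self.assets = {}  # (kind, slug) -> set of version strings seen in ?ver=

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        for url in (a.get("href"), a.get("src")):
            parts = urlsplit(url or "")
            m = ASSET_PATH.search(parts.path)
            if m:
                seen = self.assets.setdefault((m.group(1), m.group(2)), set())
                seen.update(parse_qs(parts.query).get("ver", []))

def audit(html):
    """Return (generator string or None, {(kind, slug): sorted versions})."""
    parser = DisclosureAudit()
    parser.feed(html)
    return parser.generator, {k: sorted(v) for k, v in parser.assets.items()}

def is_directory_listing(body):
    """True if a response body looks like a web-server autoindex page."""
    return re.search(r"<title>\s*Index of /", body, re.IGNORECASE) is not None

if __name__ == "__main__":
    generator, assets = audit(SAMPLE_HTML)
    print("generator tag:", generator)
    for (kind, slug), versions in sorted(assets.items()):
        print(f"{kind}/{slug}: versions disclosed = {versions or 'none'}")
    print("plugin directory listing exposed:", is_directory_listing(SAMPLE_LISTING))
```

Run it against the saved HTML of your own front page; each item it lists is something any visitor can read without logging in.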
Smart Updater
OK, so now we know a little bit about how and why sites are getting hacked, but the big question is: what can we do to protect ourselves and our work?
There are third-party firewall/protection solutions for both Joomla! and WordPress, but they’re more of an additional security measure than a replacement for regular updates.
The only problem with updates is that they can sometimes break the site due to bugs or just plain incompatibilities with other extensions/plugins/templates that are installed. This makes the whole process difficult and frustrating for the average user, and it almost entirely limits any automation. There are, however, solutions that try to tackle those issues and automate the whole update process of not only CMS software like Joomla! or WordPress but also the third-party extensions that are installed.
One of them is Smart Updater, which was recently introduced on our platform - https://www.cloudaccess.net/smart-updater.html
Smart Updater not only automatically updates your site and all its extensions - it also checks to see if the site works correctly and can even compare its appearance to screenshots of the site taken before the updates were applied. If there are problems, it can roll back the site to a backup that was created before the update happened and bring the site to its initial state, minimizing possible downtime.
If you are interested in using the Smart Updater you can contact our Support Team for assistance or purchase it directly from within our Cloud Control Panel.