WordPress vulnerabilities

WordPress default login page name found vulnerability

WordPress is an open-source content management system that many enterprise-level applications use as a complete web solution. However, due to this openness, there are some vulnerabilities that can cause serious damage to the system.

What is the attack?

The “/wp-login.php” page is sometimes accessible externally. This can lead to the following attacks:

  • Brute-force attack: In this type of attack, an attacker runs automated guessing algorithms or dictionaries to find the right username and password combination. WordPress, by default, does not block users from making multiple login attempts, which allows attackers to use bots for such brute-force attacks.

  • SQL injection: In this attack, an attacker can inject SQL queries into the ‘Username’ and ‘Password’ fields to access or manipulate the MySQL database and attempt to gain access to the WordPress admin account or even change the account credentials.

  • DoS or DDoS attack: A DoS or DDoS attack is executed by flooding a website or web server with a large volume of requests so that the service becomes sluggish and eventually crashes. This directly impacts the user experience.

Impact of the attack:

If any of the above attacks succeeds, the attacker will be able to:

  • Steal or modify data
  • Gain access to the admin account
  • Inject malicious scripts into the system
  • Access or modify the SQL database
  • Crash the website or impact user experience
  • Manipulate user and permission settings

How to prevent this attack?

Such attacks can be prevented by:

  • Using updated versions of WordPress rather than older versions.
  • Whitelisting the IP addresses that should have external access to the “/wp-login.php” page.
  • Using strong passwords to prevent brute-force attacks and integrating a ‘two-stage authentication process’.
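
To check whether the login page is already being targeted by the brute-force attack described above, the web server access log can be scanned for bursts of failed logins per source address. The following is an added example, not code from the original page. It assumes time-ordered lines in the Apache/nginx "combined" log format, a default WordPress install (a failed login returns 200, a successful one redirects with 302), and an illustrative threshold of 5 failures in 60 seconds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_logins(lines):
    """Yield (ip, time) for each POST to /wp-login.php answered with 200."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak failures inside one window} for IPs reaching threshold."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for ip, ts in failed_logins(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed log lines; all addresses are documentation ranges."""
    fmt = '{ip} - - [10/Mar/2024:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", m=0, s=s * 5, req="POST /wp-login.php", st=200)
             for s in range(8)]                      # 8 failures in 35 seconds
    lines += [fmt.format(ip="198.51.100.20", m=m, s=0, req="POST /wp-login.php", st=200)
              for m in (1, 15, 30)]                  # 3 failures spread over 30 minutes
    lines.append(fmt.format(ip="192.0.2.10", m=2, s=0, req="POST /wp-login.php", st=302))
    lines.append(fmt.format(ip="192.0.2.10", m=2, s=1, req="GET /wp-login.php", st=200))
    return lines

if __name__ == "__main__":
    for ip, n in find_bruteforce(sample_log()).items():
        print(f"{ip}: {n} failed logins within 60s")
```

Addresses reported here that are not on the “/wp-login.php” whitelist are the ones the IP restriction above would have blocked.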