Hacked before you’ve even logged in yourself!

datum-geschreven 15 Jul 2023

That your website is vulnerable when you are highly visible on Google, and that more plugins increase the risk of being hacked, we know. But being hacked even before you have logged in yourself?

That happened to several websites that didn’t complete the installation quickly enough.

How is that possible?!

During a new WordPress installation, the first step is to choose a username and password. You would think that no one can interfere with a new installation. The domain name has sometimes just been registered… no one knows about it yet.

But that’s not the case. The Letsencrypt service used to request free SSL certificates has leaked information, allowing hackers and scripts to identify newly registered domain names and websites.

1, 2, 3 malware

Hackers immediately took advantage of this and if the installation was not completed quickly enough, they filled in a username and password using a script.

They installed a file manager

And they uploaded their own malware.

Good practices

It’s a good practice to complete an installation right away, not just the part where you choose a username and password, but also by installing and configuring a security plugin.

If you don’t have the time or the knowledge to secure your website, let us take care of it!
Request a package in time, and we will be ready to secure your new website immediately.
Secure your WordPress website.

Source: [Security.nl](https://www.security.nl/posting/750062/Let%E2%80%99s+Encrypt-logs+vermoedelijk+gebruikt+voor+infecteren+WordPress-installaties?channel=rss)

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties