30 Jan 2024
Backdoors are incredibly irritating!
Now, let’s get straight to the point 😉
But what is a backdoor exactly?
A backdoor is a piece of code that allows a hacker or script to gain access to your WordPress admin or server. This can be a file that sends your wp-config data via email or FTP credentials.
Information found in the wp-config file:
Your database information is stored here. If a hacker or script gains access to your database, it can create pages, posts, and even add a new administrator user!
What a hacker or script can do with FTP credentials on your website:
These credentials allow multiple files to be uploaded. These files can then forward login details via email or send spam.
Is there no Dutch equivalent for “backdoor”?
Yes, the Dutch term for it is “achterdeurtje” (backdoor). However, you can assume from statistics that there are more international programmers who develop backdoors than Dutch programmers.
How do you find a backdoor?
The most effective way to find a backdoor is to compare the WordPress core files and the server files. At a NERD level, I know by heart which files should be in WordPress (they often start with “wp-” in the core), so I can easily spot any new files. This is especially useful since hacks are international and tend to have strange filenames.
Why do you keep mentioning a hacker OR script?
When you have an important website, a hacker may make the effort to personally hack your WordPress website and insert a backdoor. However, 95% of attacks on websites and the placement of scripts/backdoors are automated by scripts.
If you have invested a lot of effort into developing a website, maybe even had a beautiful design made by a Photoshop designer and implemented it, you may believe that it’s professionally done and your website won’t be easily hacked. Especially not by some silly robot! But unfortunately, reality is different. Even if the developers and programmers understand WordPress well, security is a whole different world! And I can tell you this from experience. I’ve been developing websites for over 10 years, but every year as I delve deeper into the world of hackers and code, I learn more, and most importantly, I’m amazed by their coding creativity.
I’ve removed the backdoor. Problem solved?
No!! (sorry)
A backdoor is placed through a vulnerability in the plugins, server, or WordPress itself, so it will come back just as quickly as you removed it. Long live the automated digital world…
Can’t WordPress be better secured?
Yes, for that, you need to check which plugins you are using and which ones have vulnerabilities. And if your WordPress is significantly outdated, it needs to be updated.
What do you at WPbeveiligen do against backdoors?
- Investigate
- Inspect file by file
- Reinstall WordPress
- Remove plugins and upload them again (just updating won’t remove hack files and backdoors)
- Install and configure security and monitoring plugins
- Correct file permissions
- Check usernames and their permissions
- And more, but a hacker doesn’t need to know everything!
