What is a hack bot? Here’s how to protect WordPress from hackbots

Date written: 19 Jan 2024

What is a Bot?
“Bot” is simply short for “robot.”

Bots are 1000x faster than humans.

A simple calculation shows how quickly it can happen: assume a human can manually attack one website per hour by running various security tests against WordPress, while a bot can attack a new website every 30 seconds with hundreds of requests.

A computer can execute several million requests (tests) per minute.

In short, your website is hacked by a Bot?!

What the bot does, in slow motion (translated from computer language to human terms):

Requests for the WordPress version

  1. HTML generator?
  2. Readme.html?
  3. Version.php?
  4. Plugin output?

Requests for active plugins

  1. Directory listing of wp-content/plugins
  2. Output in HTML
  3. Function request

And so on… Millions of requests per minute!

And this database of requests is kept up-to-date via, yes… another Bot.

What does the bot do after making the requests?

Once the Bot knows the WordPress version running on your server and the active plugins and theme, it compares this information with the database containing vulnerabilities for each plugin and theme.

This process takes people half an hour, but for the bot, it’s a matter of milliseconds. (Thank you, technology!)

Knowledge is power

When the Bot knows which plugins and themes are running on the WordPress version, it will use that information to exploit known vulnerabilities and inject code into the database and server.

Oh no! Code injections into the database and server? That sounds nasty!

Indeed, it is. The injections add data, including files that become active and send spam, or gather more information about users, or gain access to the server.

How do you protect against bots?

The bots know the standard plugins and the default WordPress version, and compare what they find against them.
So, if they can no longer tell which plugins, which theme, and which WordPress version you are using, the bots are left powerless!

Combine this with the right measures against bots:

  1. Proper file permissions
  2. Directories in unknown locations
  3. Hidden directories
  4. Corrections for injections via the browser
  5. Corrections for files on the server
  6. Blocking users and IP addresses (bots)

Then you can stop the Bots. They are just scripts that follow protocols! Break the habit, and a Bot won’t know what to do.
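One way to act on measure 6 using the server's access log, as an added example that is not part of the original article: it flags clients that request several of the version and plugin probe paths listed earlier within a short window. The combined log format, the regexes, the 30-second window, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Probe paths come from the request list above; regexes and thresholds are assumptions.
PROBES = {
    "readme.html": re.compile(r"/readme\.html$", re.I),
    "version.php": re.compile(r"/wp-includes/version\.php$", re.I),
    "plugin-listing": re.compile(r"/wp-content/plugins/?$", re.I),
}
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) [^"]*"')

def find_fingerprinters(lines, window=timedelta(seconds=30), min_kinds=2):
    """Return {ip: probe kinds} for clients hitting >= min_kinds probe types inside window."""
    hits = defaultdict(list)  # ip -> [(timestamp, probe kind)]
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, url = m.groups()
        path = url.split("?", 1)[0]
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        for kind, rx in PROBES.items():
            if rx.search(path):
                hits[ip].append((when, kind))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # distinct probe kinds seen within `window` of this event
            kinds = {k for t, k in events[i:] if t - start <= window}
            if len(kinds) >= min_kinds:
                flagged[ip] = sorted(kinds)
                break
    return flagged

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jan/2024:10:00:01 +0100] "GET /readme.html HTTP/1.1" 200 7400 "-" "-"
203.0.113.7 - - [19/Jan/2024:10:00:01 +0100] "GET /wp-includes/version.php HTTP/1.1" 200 0 "-" "-"
203.0.113.7 - - [19/Jan/2024:10:00:02 +0100] "GET /wp-content/plugins/ HTTP/1.1" 403 199 "-" "-"
198.51.100.20 - - [19/Jan/2024:10:00:05 +0100] "GET /readme.html HTTP/1.1" 200 7400 "-" "Mozilla/5.0"
198.51.100.20 - - [19/Jan/2024:10:07:40 +0100] "GET /blog/hello-world/ HTTP/1.1" 200 18211 "-" "Mozilla/5.0"
192.0.2.44 - - [19/Jan/2024:10:00:10 +0100] "GET /readme.html HTTP/1.1" 200 7400 "-" "Mozilla/5.0"
192.0.2.44 - - [19/Jan/2024:11:30:00 +0100] "GET /wp-includes/version.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, kinds in find_fingerprinters(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(kinds)}")
```

The flagged addresses are candidates for the block list; a single request for one of these paths, or two requests spread over hours, is not flagged.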

You don’t have to make these adjustments to your website manually; you have a bot for that 😉
A script, or more specifically, iThemes Security!

Most articles are written by Mathieu Scholtes, the owner of WPBeveiligen. Want to stay up to date with the latest WordPress news? WordPress tips? WordPress offers?
Then connect on LinkedIn!
