Hacked before you’ve even logged in yourself!

/0 Comments/in

That your website is vulnerable when you are highly visible on Google, and that more plugins increase the risk of being hacked, we know. But being hacked even before you have logged in yourself?

That happened to several websites that didn’t complete the installation quickly enough.

How is that possible?!

During a new WordPress installation, the first step is to choose a username and password. You would think that no one can interfere with a new installation. The domain name has sometimes just been registered… no one knows about it yet.

But that’s not the case. The Letsencrypt service used to request free SSL certificates has leaked information, allowing hackers and scripts to identify newly registered domain names and websites.

1, 2, 3 malware

Hackers immediately took advantage of this and if the installation was not completed quickly enough, they filled in a username and password using a script.

They installed a file manager (plugin)

And they uploaded their own malware.

Good practices

It’s a good practice to complete an installation right away, not just the part where you choose a username and password, but also by installing and configuring a security plugin.

If you don’t have the time or the knowledge to secure your website, let us take care of it!
Request a package in time, and we will be ready to secure your new website immediately.
Secure your WordPress website.

Source: [Security.nl](https://www.security.nl/posting/750062/Let%E2%80%99s+Encrypt-logs+vermoedelijk+gebruikt+voor+infecteren+WordPress-installaties?channel=rss)