Hacking website with brute-force type attack on a local machine

I have already written about the danger to your website caused by insecurely stored backup files. However, that was a case where I was able to find FTP credentials used by Updraft backup WordPress plugin stored in the backup of the database. I think this is the most straightforward hacking technique ever, and it doesn’t require specialised knowledge or software to perform the hack. But today I will tell you about a more sophisticated method.

So, let’s begin with the very first step of this hacking method. As I mentioned in the previous post, some Google dorks could lead you to websites with unprotected backup files due to open directory listing. Trust me, there are hundreds if not thousands of such sites, and you can find them by applying various dorks, since different WordPress backup plugins use different file naming schemes.

Insecure WordPress backup files

OK, now that you have a potential list of vulnerable websites, it’s time to pick one and proceed with the other steps. We are looking for sites with backups of the database which you can use on your local machine. Download the WordPress database file, and you’re ready to start the hack.

WordPress backup files may endanger your website

WordPress backup files are an excellent way to ensure you can restore your website without any data loss. Making backups is a good practice, and I highly recommend making copies of your website files and database periodically. In case of a security breach, website defacement or other disasters, these copies will save you a lot of time and maybe money. But sometimes these files may be the reason why your WordPress site got hacked. A few days ago I did a small piece of research to find out the threats caused by backup files.

WordPress backup plugins

There are a lot of different backup plugins for WordPress in the WordPress.org plugin repository. There are also many premium plugins available elsewhere. All these plugins have the same primary function: to make a backup of your precious data. Some of them offer simple backup functions; others are more sophisticated and provide more features to manage the backup process. To do the research I needed to pick a target, right? So I picked the most popular WordPress backup plugin that is available in the WordPress plugin repository – UpdraftPlus WordPress Backup Plugin.