It has been found that hackers are able to attack fresh WordPress installs within 30 minutes of installation. The findings were given by Hanno Böck, who found a method attackers can use to find a WordPress website just 30 minutes after it has been installed for the first time.
The vulnerability has come through the issuing of SSL certificates ironically. The sequence of events would go something like this:
- You order a new website hosting package from a hosting provider. Your order includes a free or paid SSL certificate for your domain.
- The SSL certificate is issued once your order completes.
- 30 minutes later, attackers see your fresh website listed in the public certificate transparency report.
- At that time – 30 minutes later – you are halfway through completing your website setup and are just beginning to install WordPress.
- An attacker is constantly monitoring your new domain, and as soon as they see the setup script, they run it, install a backdoor and then reset your site to the state it was in so that you don’t notice.
This technique is unique and well thought out. It gives attackers a way to reliably find and attack fresh websites as they are being set up. To avoid these attacks while you are setting up your new website, we suggest either limiting access to your IP address or setting up basic authentication. Both of these can be done using your websites .htaccess file. If you need help setting this up do contact us to help you through. With these two methods in place you won’t have to worry about an attack on your WordPress install.