It has been found that hackers are able to attack fresh WordPress installs within 30 minutes of installation. The findings were given by Hanno Böck, who found a way attackers can use to find a WordPress website just 30 minutes.
The vulnerability has come through the issuing of SSL certificates ironically. The attack would look similar to this:
- You buy a new hosting package from a hosting provider. Your purchase includes a SSL certificate for your website domain.
- The SSL certificate is assigned once your order finishes.
- Half an hour later, attackers see your new website listed in the public certificate transparency report.
- At that time – you may be halfway into developing your website setup and are just starting to install WordPress.
- An attacker is continually observing your new domain, and as they see the setup script, they run it, install a backdoor and reset your site to the original state it was in so that you don’t notice.
This technique is unique and well thought out. It gives attackers a way to reliably find and attack fresh websites as they are being set up. To avoid these attacks whilst installing up your new website, we recommend either limiting access to your IP address or setting up necessary authentication. Both of these can be done using your websites .htaccess file. If you need help setting this up do contact us to help you through. With these two methods in place you won’t have to worry about an attack on your WordPress install.