Zombie Robots: We’re All Under Attack!

Automated bots are responsible for the majority of WordPress hacks. These zombie robots are programmed by hackers to run 24/7 “spray and pray” attacks on as many targets as possible. There are plenty of different bots in circulation, but they all have one goal: to gain admin access to your WordPress account and ultimately, to take over your web server.

What’s so scary about automated bots?

One of the most common misconceptions about WordPress security is that the attacker needs a reason to target your website. This just isn’t the case. Hackers know that WordPress is the most commonly used content management system, powering almost a third of the internet. They also know WordPress admins are infamous for procrastinating on maintenance tasks, making WordPress a primary target for automated attacks.

Hackers can build a bot that is designed to prey on WordPress websites with relative ease. This bot can be loaded with basic features and sold to script kiddies on the black market in exchange for cryptocurrency. There are several bots like this in circulation today that perform tasks like this:

1. Build a database of WordPress websites using a web crawler
2. Check if the website is online and accepting requests
3. Attempt to enumerate WordPress users (using author permalinks, JSON API endpoints, etc)
4. Attempt a brute force login using enumerated users and a password list

Another bot could attempt to run a few well known WordPress exploits instead of brute forcing the login. Hopefully you get the idea. Whether they use the bots themselves or sell them for use by the masses, there’s huge incentive for hackers in building these automated bots.

What happens if my website gets infected?

Once you’ve been infected, the hacker begins to tighten their stranglehold your system. Your admin credentials would be logged and the hacker would install a reverse shell (a back door into your server). This step can automated, too. Next they will gain root access to your server, taking full ownership of it in order to do things like:

• Host copies of popular websites’ login pages on your server in order to capture login credentials (Phishing scams)
• Cryptojacking software can be installed to turn your visitors into cryptocurrency miners
• A botnet client could be installed, turning your computer into a zombie robot to carry out this same attack

There are many more ways an attacker can utilize your server once they gain root access. That’s why it’s the ultimate goal. It has nothing to do with the content of your website, your users’ data or even your traffic. Your server is an attractive place for a hacker to setup shop because it allows them to work in the shadows. The owner is unaware and the server is just another IP address for the hacker to hide behind.

How can I protect my website from automated bots?

Although there are plenty of zombie robots shuffling around the internet, they’re generally quite dull. These bots prey on poorly protected websites with weak login credentials. You can force the horde to move on by following a few simple best-practices:

1. Choose a reputable hosting provider where security monitoring is a priority. We highly recommend WP Engine.
2. Ensure WordPress admin logins are using strong passwords. Use a password manager if necessary.
3. Install a WordPress security plugin to defend against suspicious behaviour. We’re big fans of iThemes Security.
4. Keep regular WordPress backups and update your software regularly. Weekly, at a minimum.

Wrapping Up

So, why do zombie robots want access to your WordPress website? They really don’t. Bots want access to the sweet, sweet computer that hosts your website so they can turn it into another zombie in their army. They prey on the slow and weak. Those too slow to keep their software updated, those too with weak credentials. Take the steps to protect your website. Immunize yourself and you’ll find the horde moves on to prey on an easier target.