Nowadays most WordPress sites are being hacked due to a lack of security. Today's topic is WordPress security: here we discuss in detail the issues that need to be fixed to avoid being hacked. Let's look at the top 5 issues that make a WordPress site more vulnerable and need fixing.
These Hacks Make a WordPress Site More Vulnerable
1. OS command injection
2. Eval injection
3. SQL injection
4. Use of a broken or risky cryptographic algorithm
5. Cross-site scripting
1. OS Command Injection:
OS command injection means different things to different people; for some it refers only to an attacker injecting separators into the arguments of an application-controlled program that is being invoked. Let's look at a small code example found in a WordPress plugin, and then at how to fix the error.
    $command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
}else
    $command = "$xv --server-args=\"-screen 0, {$screenX}x{$screenY}x{$colDepth}\" $cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
}
$this->debug(3, "Executing command: $command");
$out = `$command`;
$this->debug(3, "Received output: $out");
In the code above, the line $out = `$command`; is what makes the WordPress site more vulnerable, so we need to escape the output to avoid being hacked. The code below shows how to fix this issue.
$out = tag_escape($command);
tag_escape() in WordPress removes all characters other than a-zA-Z0-9_:, the set of valid HTML tag characters, and transforms letters to lowercase. The returned string is cleaned and escaped for output as an HTML tag.
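tag_escape() returns a cleaned string and does not run the command, so when the command still has to be executed, each value placed in it needs validation and shell quoting. The following is an added example, not the plugin's code: it builds a subset of the command above with PHP's escapeshellarg(). The function name, the format allow-list, the timeout limits and the sample values are assumptions.

```php
<?php
// Added example (not the plugin's code). Option names follow the command
// shown above; function name, format list and sample values are assumptions.

function example_build_capture_command($cuty, $url, $ua, $timeout, $format, $tempfile)
{
    // Accept only absolute http(s) URLs.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (filter_var($url, FILTER_VALIDATE_URL) === false
        || !in_array(strtolower((string) $scheme), array('http', 'https'), true)) {
        throw new InvalidArgumentException('URL rejected');
    }

    // Fixed vocabulary: compare against an allow-list instead of escaping.
    $formats = array('png', 'jpg', 'pdf'); // assumed list
    if (!in_array($format, $formats, true)) {
        throw new InvalidArgumentException('Format rejected');
    }

    // Numeric option: force an integer and clamp it (assumed limits).
    $timeout = max(1000, min(60000, (int) $timeout));

    // Free-form values: quote each one as a single shell argument.
    $parts = array(
        escapeshellarg($cuty),
        '--max-wait=' . $timeout,
        '--user-agent=' . escapeshellarg($ua),
        '--js-can-open-windows=off',
        '--url=' . escapeshellarg($url),
        '--out-format=' . $format,
        '--out=' . escapeshellarg($tempfile),
    );
    return implode(' ', $parts);
}

// Constructed sample input: the user agent carries shell metacharacters,
// which end up inside one quoted argument instead of reaching the shell.
$cmd = example_build_capture_command(
    '/usr/bin/cutycapt', 'https://example.com/?a=1&b=2',
    'ExampleAgent/1.0"; echo x; "', 30000, 'png', '/tmp/shot.png'
);
echo $cmd, PHP_EOL;
```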
2. Eval Injection:
This kind of issue involves user-supplied input: if the input can be modified by an attacker, arbitrary code can be executed on the server. To avoid this issue we need to escape the output. Let's look at a code example and how to fix it.
$result->content = preg_replace( $pattern.$this->regex_options, $this->replace, $content);
In the code above, preg_replace() takes three arguments, and the second argument contains data from user input. We fix this issue by using stripslashes() to escape the output.
$result->content = preg_replace( $pattern.$this->regex_options, stripslashes($this->replace), $content);
stripslashes() un-quotes a quoted string. Here the second argument, which comes from the incoming HTTP request in the variable replace, is treated as PHP code.
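preg_replace() evaluates the replacement as PHP code only when the pattern carries the e modifier, which PHP deprecated in 5.5.0 and removed in 7.0.0. The following added example (not the plugin's code) checks the options appended to the pattern against an allow-list that excludes e before preg_replace() is called; the function name, the allow-list and the sample values are assumptions.

```php
<?php
// Added example (not the plugin's code); names and sample values are assumptions.

function example_safe_regex_replace($pattern, $options, $replace, $content)
{
    // Only modifiers that change how matching works are accepted.
    // 'e' (evaluate the replacement as PHP) is deliberately not in the list.
    if (preg_match('/^[imsxu]*$/D', (string) $options) !== 1) {
        throw new InvalidArgumentException('Unsupported regex modifier');
    }

    // NUL bytes have no place in a pattern built from configuration.
    if (strpos($pattern, "\0") !== false) {
        throw new InvalidArgumentException('Invalid pattern');
    }

    // Without 'e' the replacement is a plain template ($1, \1, ...).
    $result = preg_replace($pattern . $options, $replace, $content);
    if ($result === null) {
        throw new RuntimeException('Regex failed, code ' . preg_last_error());
    }
    return $result;
}

// Constructed sample content.
$content = 'Contact: Admin@Example.com';

// Accepted: case-insensitive match with a back-reference in the template.
echo example_safe_regex_replace(
    '/admin@(\w+)\.com/', 'i', 'webmaster@$1.org', $content
), PHP_EOL;

// Refused: the options contain 'e', so preg_replace() is never reached.
try {
    example_safe_regex_replace('/admin/', 'ie', 'X', $content);
} catch (InvalidArgumentException $ex) {
    echo 'rejected: ', $ex->getMessage(), PHP_EOL;
}
```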
3. SQL Injection:
Here we use SQL queries to retrieve data from the database, and in the process we forget to escape the queries. If a query is not escaped, an attacker can pass a query string to the server in an HTTP request; when that query executes on the server, the attacker can access the database and modify the data. To avoid these SQL injections WordPress provides esc_sql(): before we pass the query to the database, we can escape it using this function.
protected function query($sql) {
    $this->sqlCnt++;
    $res = $this->db->query($sql);
Now let's see in the code below how to use esc_sql():
$safesql = esc_sql($sql);
$res = $this->db->query($safesql);
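esc_sql() escapes a value for placement inside a quoted string in a query, so it belongs on each value rather than on the finished statement. The following added example (not the plugin's code) reworks the query() wrapper above so that values are bound with $wpdb->prepare(); it assumes WordPress is loaded, and the class, method, table and column names are hypothetical.

```php
<?php
// Added example (not the plugin's code). Assumes WordPress is loaded so a
// wpdb instance is available; class, table and column names are hypothetical.

class Example_Query_Runner
{
    private $db;
    private $sqlCnt = 0;

    public function __construct($wpdb)
    {
        $this->db = $wpdb;
    }

    // $sql carries placeholders (%d, %s, %f) only; values arrive in $args
    // and are quoted and escaped by prepare(), never concatenated by hand.
    protected function query($sql, array $args = array())
    {
        $this->sqlCnt++;
        if (!empty($args)) {
            $sql = $this->db->prepare($sql, $args);
        }
        return $this->db->query($sql);
    }

    public function delete_entries($kind, $user_id, $status)
    {
        // Table names cannot be bound as values: pick from a fixed list.
        $tables = array('log' => 'example_log', 'audit' => 'example_audit');
        if (!is_string($kind) || !isset($tables[$kind])) {
            return false;
        }
        $table = $this->db->prefix . $tables[$kind];

        return $this->query(
            "DELETE FROM `{$table}` WHERE user_id = %d AND status = %s",
            array((int) $user_id, (string) $status)
        );
    }
}
```

Inside a plugin the class would be constructed with the global instance, for example new Example_Query_Runner($GLOBALS['wpdb']).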
4. Use of a Broken or Risky Cryptographic Algorithm:
In WordPress, some plugins do not use good hashing techniques. Recently the MD5 cryptographic algorithm is also no longer up to the mark and an attacker can break it, so look at the code below, which uses MD5.
# Hash validation, cheap way to ensure that the data safely made it from there to here intact
if (md5(serialize($args)) != $val_hash) {
    cfd_tmp_dbg('cf-data-received.txt', PHP_EOL.PHP_EOL.'---- calculated local hash: '.md5(serialize($args)), '', true);
}
In the code above, the MD5 algorithm is used to hash the serialized arguments. We can use the SHA-256 algorithm instead of MD5. The code example below uses SHA-256.
# hash validation, cheap way to ensure that the data safely made it from there to here intact
if (hash('sha256', serialize($args)) != $val_hash) {
    cfd_tmp_dbg('cf-data-received.txt', PHP_EOL.PHP_EOL.'---- calculated local hash: '.hash('sha256', serialize($args)), '', true);
}
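The same SHA-256 check as an added example (not the plugin's code): the digests are compared with hash_equals() instead of !=, because a loose comparison treats two strings such as "0e12" and "0e34" as equal numbers, and a keyed variant with hash_hmac() is shown for data that has to be tied to a sender. The function names, the shared key and the sample payload are assumptions.

```php
<?php
// Added example (not the plugin's code); names, key and payload are constructed.

// Integrity only: detects accidental corruption in transit.
function example_payload_digest(array $args)
{
    return hash('sha256', serialize($args));
}

// Integrity plus origin: only a holder of $key can produce a matching tag.
function example_payload_tag(array $args, $key)
{
    return hash_hmac('sha256', serialize($args), $key);
}

function example_verify(array $args, $received, $key = null)
{
    $expected = ($key === null)
        ? example_payload_digest($args)
        : example_payload_tag($args, $key);
    // hash_equals() compares strings strictly and in constant time.
    return is_string($received) && hash_equals($expected, $received);
}

$args = array('post_id' => 42, 'action' => 'sync'); // constructed payload
$key  = 'constructed-shared-secret';                // placeholder key

// Unkeyed digest and keyed tag both verify for the unchanged payload.
var_dump(example_verify($args, example_payload_digest($args)));
$tag = example_payload_tag($args, $key);
var_dump(example_verify($args, $tag, $key));

// A payload changed after the tag was computed no longer verifies.
$changed = $args;
$changed['post_id'] = 43;
var_dump(example_verify($changed, $tag, $key));

// The loose-comparison pitfall that hash_equals() avoids.
var_dump('0e12' == '0e34');
```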
5. Cross-Site Scripting:
WordPress has predefined output-escaping functions; some of them are listed below.
• esc_html()
• esc_attr()
• esc_js()
• esc_url()
Most plugins do not take care over output escaping, which can let an attacker break the code. The code example below shows how to use these functions in WordPress.
<input id="role" type="hidden" tabindex="20" size="25" name="redirect_to" value="<?php echo $_GET['redirect_to']?>" />
In the code above the value attribute displays user data, so the WordPress site is more vulnerable to being hacked; in this case we need to use esc_attr() to escape the output. The code below shows this for reference.
<input id="role" type="hidden" tabindex="20" size="25" name="redirect_to" value="<?php echo esc_attr($_GET['redirect_to'] ); ?>" />
If the data is displayed directly in the HTML, we can use code like the following:
<td><?php echo esc_html($_GET['redirect_to'] ); ?></td>
All five of these issues need to be fixed for better security on WordPress websites; fixing them will protect your site from attackers.
Thanks for reading this article. For any queries, please use the comment system.