Profiling a WordPress Attack

Hacking the Hackers

Welcome back to those of you playing along at home. This site has been down for a considerable amount of time, but I’m back! And I bring with me tales from the battlefield. Let’s talk a little about WordPress and security, shall we?

A WordPress honeypot

Some time ago, while doing maintenance on the site, I identified an opportunity for a research project. I decided it would be fun to turn the WordPress installation into a honeypot and collect some threat intelligence. I decided it was time once again to delve into the current state of WordPress security. So I disabled the security controls, stopped updating the software and sat back to watch the world burn.

It didn’t take long before I started seeing scans pour in. And in a matter of days I captured some malware and began to catalog the attack patterns of WordPress attackers. It’s fascinating to see the evolution of PHP malware as related to WordPress specifically. I spent some time doing extensive research into the breach, analyzing the attack patterns, and even tracing the honey data that was posted in various parts of the internet. Eventually I’ll be writing that up as a blog series later in the year to show you how it all played out, but for now I’m getting things back online and ready to roll it out, so here we go!

So welcome back and thanks for joining me for the next chapter of the adventure! I’ll be repopulating the database in the near future to re-establish a lot of the old content, and going forward if there is content you like please say so and I will mark it for salvation in case this happens again. As always, if you have questions or if there is some content you’d like to see covered here, don’t hesitate to contact me! I’m always happy to engage others and to push myself to produce desired content. I appreciate you for taking the time to visit and hope to see you around the internet.

Grand Re-Opening