Hacking WordPress – Capturing Usernames & Passwords


Google has been pushing the HTTPS agenda for the past few years: they want all websites to run on HTTPS. If your WordPress is still running on HTTP, all data is submitted in clear text when you log in to WordPress and access the dashboard or admin pages. This means your WordPress credentials are also sent over the internet in clear text.

Therefore the risk of having your WordPress username and password stolen is high. This post describes how malicious hackers can steal your WordPress login details using free software. It also recommends what you can do to protect your website from such attacks and how to use WordPress activity logs to spot suspicious behaviour.

How to steal WordPress credentials (Usernames and Passwords)
Routing of Clear Text Data Over the Internet
When you access a website or your WordPress, the data is not sent directly from your browser to the web server. It is routed through several devices on the internet that are administered by different entities (ISPs, web hosts and so on).

Depending on the geographic location of your computer and WordPress website, your login details may be routed through 5 to 20, or even more, devices before they reach the destination. And since such data is sent in clear text, should a malicious hacker tap into one of these devices, which could be your own home router, they can easily retrieve your WordPress username or password.

Hacking WordPress sites by stealing login details
Malicious hackers use software such as Wireshark (sniffer) or Fiddler (proxy) to capture your WordPress login details.



For example, the screenshot below is of Fiddler, a proxy software the attacker might use to capture your WordPress credentials by proxying the traffic through it.

Protecting your WordPress login details (and password)
There are several ways to prevent having your WordPress login details stolen. The first and most secure way is to access your WordPress dashboard over an HTTPS connection.

You should also add two-factor authentication to your WordPress because even though malicious hackers can’t steal your credentials when you access the WordPress admin pages over SSL, it is still prone to brute force attacks. Two-factor authentication protects your WordPress from automated brute force attacks.

Keep a WordPress activity log to spot suspicious logins and hack attacks

As a general rule of thumb, the more security layers you can implement on your WordPress website, the better. And since no WordPress security solution is perfect, you should also keep a WordPress activity log to be able to spot suspicious logins and other activity on your WordPress websites.

By using a plugin like WP Security Audit Log on your WordPress site you can keep a log of everything that is happening on your website, and will therefore be able to take the necessary evasive action before your site is damaged in case of a possible WordPress hack attack.
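
One way to spot suspicious logins from a log, added here as an example (it is not code from this post or from any plugin). It assumes the web server's access log in combined format as the log source, and that WordPress answers a failed login with HTTP 200 and a successful one with a 302 redirect; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(ip, hhmmss, status):
    """Build one constructed access-log line (combined format) for the sample."""
    return f'{ip} - - [12/Mar/2024:{hhmmss} +0000] "POST /wp-login.php HTTP/1.1" {status} 0 "-" "-"'

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.20", "09:00:01", 302)]                      # normal login
    + [_line("203.0.113.7", f"09:14:0{s}", 200) for s in range(5)]  # 5 failures in 5 s
    + [_line("203.0.113.7", "09:14:07", 302)]                      # then a success
    + [_line("192.0.2.55", f"10:0{m}:00", 200) for m in range(3)]   # 3 failures, 1 min apart
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def suspicious_logins(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: reason} for bursts of failed POSTs to wp-login.php.

    Assumption: a failed login re-renders the form (HTTP 200) and a
    successful login redirects to the dashboard (HTTP 302).
    """
    failures = defaultdict(list)  # ip -> timestamps of failures inside the window
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, status = m["ip"], m["status"]
        # Drop failures that have aged out of the sliding window.
        recent = [t for t in failures[ip] if ts - t <= window]
        if status == "200":
            recent.append(ts)
            if len(recent) >= max_failures:
                findings.setdefault(ip, "brute force suspected")
        elif status == "302" and len(recent) >= max_failures:
            findings[ip] = "login succeeded after failure burst"
        failures[ip] = recent
    return findings
```

A login that succeeds right after a burst of failures is the case to act on first, since it suggests the password was guessed.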
