How to hack a website account password 2024?

  • User asked in 2024-01-24 21:32:08

1 Answer

King Of Kings

I once saw a report saying that hackers used more than 162,000 WordPress websites to carry out a DDoS attack on a target website. All requests carried random values (such as ?4137049=643182?), thus bypassing the cache and forcing each request to go back to the page and reload it, so the target server quickly hung and was down for several hours. This time the attacker used the pingback interface of WordPress's XML-RPC to attack. XML-RPC is WordPress's API interface for third-party clients (such as the WordPress iPhone and Android clients, Windows Writer, etc.). XML-RPC can also be used for the pingback and trackback interfaces, which can be used for communication between sites, but if misused, they may be used by attackers to carry out DDoS attacks.

There are a lot of professional terms in the above paragraph. If you don’t understand them, you can ignore them. To put it simply, the hacker controlled 162,000 computers with WordPress installed, sent commands remotely, and had them access the attacked site at the same time, causing a large number of requests. If the target website cannot handle them, it will go down.

Some people say that the White House website is also built using WordPress. Why is its website safe but not mine?

The security of a site consists of several aspects:

The website building program used,

Server security [Windows or Linux],

Web server software security,

Operator safety awareness,

Any link may lead to fatal problems in the security of the site. If your competitors are targeting you, you should be careful. At the least, the page may be changed; at worst, private data may be downloaded. If it is used as an e-commerce site, a hacker can even secretly change the payment account to achieve his goal.

Theoretically, most WordPress sites on the market can be taken down. It’s just a matter of time. The information gap plays a decisive role here. From when the 0day vulnerability is discovered to when you know the vulnerability and fix it, your site will be damaged, totally exposed. To give a simple example, the latest WordPress version is 5.2.4 (2019.10.14). Assuming that there is a common vulnerability in versions before 5.2.3, you can directly obtain administrator permissions to access the backend. At this time, you only need to search "Powered by WordPress" in Google, and you can find a large number of websites that can be attacked.

Therefore, according to the law of the jungle, in order to protect yourself to the maximum extent without being discovered, you need to delete the line of characters "Powered by WordPress" in the footer. Let’s talk about a real case. Recently, a WordPress site in Brother Liu’s site group was also hacked. It should be that the attack file was automatically uploaded after the site was scanned. After that, when the site is accessed through the Chrome browser, a red window pops up with the prompt "Not safe, don't visit". It took a long time to solve it. The traffic must have been affected. Learn from each step and update in time. Remember...

For website building, I always recommend using Shopify, which is a SaaS system. The website I recently built for a client is also based on Shopify, for no other reason than peace of mind and security, because a vulnerability is like a landmine that may explode at any time. So far, I have never heard of any serious vulnerabilities in Shopify, and SaaS systems usually automatically update the backend in a timely manner. I wrote this article purely from my own thoughts. I know that there will still be a large number of people choosing WordPress to build their websites, especially corporate websites. Brother Liu is here to remind you to pay attention to network security and reduce risks!

In addition, more and more Shopify websites have been built recently, and I am very interested in making a Shopify template suitable for corporate websites. If it can be made, it will really solve a big problem, because Shopify can be set up once and is free for life, with no server fees and no manual maintenance fees, and it is naturally resistant to DDoS attacks.

Finally, if you have a friend who is using WordPress to build a corporate website, please forward this article to him.

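The answer above describes a flood relayed through WordPress pingbacks, with each request carrying a random query value to bypass the cache. The following is an added example, not part of the original answer: a log check a site operator could run to spot that pattern in a web server access log. The log lines, host names and the `min_reflectors` threshold are constructed for illustration, and the check relies on WordPress identifying its pingback fetches with a `WordPress/<version>; <site URL>` User-Agent.

```python
import re
from collections import Counter

# Combined log format: ip - - [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# WordPress sends its pingback verification fetch as "WordPress/<version>; <site URL>"
PINGBACK_UA_RE = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://[^;\s]+)')
# Query made only of a numeric key and numeric value, like ?4137049=643182
CACHE_BUST_RE = re.compile(r'^[^?]*\?\d{4,}=\d{4,}$')

# Constructed sample lines (documentation IP ranges, .example hosts)
SAMPLE = [
    '192.0.2.10 - - [24/Jan/2024:21:30:01 +0000] "GET /?4137049=643182 HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog-a.example"',
    '198.51.100.7 - - [24/Jan/2024:21:30:01 +0000] "GET /?8812034=1190457 HTTP/1.0" 200 5120 "-" "WordPress/3.7.1; http://blog-b.example"',
    '203.0.113.44 - - [24/Jan/2024:21:30:02 +0000] "GET /?5520981=7734120 HTTP/1.0" 200 5120 "-" "WordPress/3.8.1; https://shop-c.example"',
    '192.0.2.99 - - [24/Jan/2024:21:30:02 +0000] "GET /about?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.23 - - [24/Jan/2024:21:30:03 +0000] "GET /?p=12345 HTTP/1.1" 200 4096 "https://www.example/" "Mozilla/5.0"',
]

def classify(line):
    """Parse one log line; return None if it is not in combined log format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ua = PINGBACK_UA_RE.match(m["ua"])
    return {
        "ip": m["ip"],
        "reflector": ua["site"] if ua else None,  # WordPress site relaying the request
        "cache_bust": bool(CACHE_BUST_RE.match(m["path"])),
    }

def summarize(lines, min_reflectors=3):
    """Alert when many distinct WordPress sites fetch pages with cache-busting queries."""
    hits = [c for c in map(classify, lines) if c and c["reflector"]]
    reflectors = Counter(c["reflector"] for c in hits)
    busting = sum(c["cache_bust"] for c in hits)
    return {
        "pingback_requests": len(hits),
        "distinct_reflectors": len(reflectors),
        "cache_busting": busting,
        # min_reflectors is an assumed tuning value, not taken from the page
        "alert": len(reflectors) >= min_reflectors and busting * 2 >= len(hits),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Requests flagged this way share the WordPress User-Agent prefix, so they can be rate-limited or rejected at the web server or WAF before they reach the uncached page.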