WordPress Site Exploitation — Part 01
WordPress is an incredibly useful and versatile platform for all kinds of blogging, portfolios, business sites, e-commerce stores, and more, and it has become very popular. Unfortunately, that popularity has brought with it quite a few vulnerabilities that can be exploited by attackers, compromising the security of WordPress sites.
In this blog series, we will explore the ways of exploiting and testing WordPress-based websites. Before delving into the security perspective of WordPress applications, it is essential to have a proper understanding of WordPress and its usage. Therefore, in Part 1 of this blog series, we will cover the fundamentals of WordPress and set up the lab for upcoming exploitations.
What Is WordPress?
WordPress is a very popular tool that helps manage websites. It has been around since 2003 and is currently used by more than 60 million websites. One of the reasons why it's so well-liked is that it is easy to use and free for anyone to use. You can set up a WordPress website in less than an hour without much hassle. It is written in PHP and uses MySQL or MariaDB as its database. A great feature of WordPress is that you can add custom plugins and themes to personalize your website according to your preferences. This flexibility has contributed to its widespread popularity.
What is a WordPress Website?
A WordPress website refers to a website that utilizes WordPress as its content management system (CMS). WordPress is responsible for managing the backend of the site, which is where users can log in to make updates or add new content. It also controls the frontend, which is the visible part of the website that visitors see online. When it comes to design, a WordPress theme acts as the foundation for your website’s appearance. WordPress provides a range of themes for creating a WordPress website. It’s important to note that selecting a WordPress theme primarily affects the frontend look and feel of the site, while the underlying logic and functionality of the backend remain unaffected.
Key Features of WordPress
WordPress is a powerful and versatile content management system (CMS) known for its user-friendly interface and extensive plugin ecosystem. Its key features include:
- Easy website creation and management: WordPress provides a simple and intuitive interface that allows users to build and customize websites without any coding knowledge. It offers a range of themes and templates to choose from, making it easy to create visually appealing sites.
- Plugin support for enhanced functionality: With thousands of plugins available, WordPress allows users to extend the core features of their websites. These plugins enable additional functionality such as e-commerce, SEO optimization, contact forms, social media integration, and more.
- SEO-friendly structure: WordPress is designed with search engine optimization (SEO) in mind, making it easier for websites to rank higher in search engine results. It generates clean and semantic code, supports customizable permalinks, and offers various SEO plugins to optimize content and metadata.
- Active community and frequent updates: WordPress has a large and active community of developers and users who contribute to its continuous improvement. Regular updates ensure that the CMS remains secure, stable, and up-to-date with the latest web standards and technologies.
WordPress.com vs. WordPress.org
The difference between WordPress.com vs. WordPress.org can be a little confusing if you are new to using WordPress.
WordPress.com is the hosted version of WordPress, where you can create a WordPress.com account to make a blog or website.
WordPress.org is where you can download the WordPress software to install on your own server or web hosting account.
What is a WordPress Plugin?
A WordPress plugin is a piece of software that extends the functionality of a WordPress website. It is essentially an add-on that can be installed and activated within the WordPress CMS. Plugins can offer various features and enhancements, such as adding new content types, integrating social media, optimizing SEO, enhancing security, creating contact forms, and much more. They allow users to customize and personalize their WordPress websites without the need for coding, providing a flexible and modular approach to website development.
Key Files of WordPress
- index.php: the homepage of the WordPress site.
- license.txt: contains useful information such as the installed WordPress version.
- wp-activate.php: used for the email activation process when setting up a new WordPress site.
- Login pages (may be renamed to hide them): /wp-admin/login.php, /wp-admin/wp-login.php, /login.php or /wp-login.php
- xmlrpc.php: implements a WordPress feature that allows data to be transmitted using HTTP as the transport mechanism and XML as the encoding mechanism. This type of communication has been superseded by the WordPress REST API.
- wp-content/: the main directory where plugins and themes are stored.
- wp-content/uploads/: the directory where any files uploaded to the platform are stored.
- wp-includes/: the directory where core files are stored, such as certificates, fonts, JavaScript files, and widgets.
- wp-config.php: contains the information WordPress needs to connect to the database (database name, database host, username and password), the authentication keys and salts, and the database table prefix. This configuration file can also be used to activate DEBUG mode, which can be useful in troubleshooting.
Different User Roles/Privileges in WordPress
- Administrator
- Editor: publishes and manages their own and other users' posts
- Author: publishes and manages their own posts
- Contributor: writes and manages their own posts but cannot publish them
- Subscriber: browses posts and edits their own profile
Why is WordPress Vulnerable?
Themes and plugins pose a potential vulnerability in WordPress because they are developed by many different authors with varying security standards. While the core system is secure and regularly updated, caution must be exercised in selecting and installing themes and plugins. Regular maintenance and updates, along with installing only from reputable sources, are necessary for maintaining a secure WordPress website.
These are the basic things you should be aware of before starting the exploitation/assessment of a WordPress website. In the next part of this series, we will explore passive and active enumeration and exploitation techniques for WordPress websites. We will conduct these activities in a lab environment and host our own internal WordPress website.
Lab Environment Set-Up
Hardware and software requirements for the lab:
- Min 16GB RAM
- Min Intel Core i5 10th-gen processor
- Docker
- Kali Linux
- Virtualization Software
Lab Set-Up Architecture
We will be using Docker to host our WordPress website. You can run Docker on Kali Linux and perform the assessment on the localhost. However, I will be running Docker on Ubuntu Server and using Kali Linux as my attacking machine. Both labs will function in the same way, so you can choose either of the options mentioned above.
Installation Process
It would be time-consuming to guide you step-by-step through the installation of Virtualization Software, Kali Linux, and Docker on your systems. Instead, you can refer to the following resources for the installation process.
Kali Linux: https://www.kali.org/get-kali/#kali-virtual-machines
Docker On Linux: https://linuxhint.com/install_docker_kali_linux/
Once the above-mentioned tools are installed, we will proceed with hosting the WordPress website on Docker. To do this, you first need to install Docker Compose using the following commands (run them as root, or prefix each with sudo, since /usr/local/bin is not writable by a normal user):
## Run the following command to download Docker Compose 1.29.2 (the current stable release at the time of writing):
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 -o /usr/local/bin/docker-compose
## Next, set the executable permission on the downloaded binary:
chmod +x /usr/local/bin/docker-compose
## Next, verify the Docker Compose version using the command below:
docker-compose --version
Now we will use a Docker Compose file to host the WordPress website. Use the following commands to do so:
## Make a new folder
mkdir wordpress
cd wordpress
## Create a new file in the wordpress folder named “docker-compose.yml” with the following content:
version: '3.3'
services:
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    volumes:
      - wordpress_files:/var/www/html
    ports:
      - "80:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: my_wordpress_db_password
      WORDPRESS_DB_NAME: wordpress
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: my_db_root_password
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: my_wordpress_db_password
volumes:
  wordpress_files:
  db_data:
## Run the docker compose file
docker-compose up -d
Now, if you browse to port 80 of the Docker host's IP address (http://<host-ip>/), you will reach the setup page of the WordPress website. Complete the setup wizard accordingly.
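Before the lab is reachable from anything other than your own network, the compose file above has three settings worth tightening: the unpinned wordpress:latest image, the "80:80" mapping that publishes on every interface, and the database passwords written in plain text. The following shell lint is an added example written for this post (not the author's code); it flags those three settings and stays silent on a hardened variant. It assumes the compose file is saved to a path you pass in, and the pinned tag and secrets path in the hardened sample are illustrative placeholders.

```shell
# Added example (not from the original post): lint the lab's docker-compose.yml
# for the three settings to tighten before the lab leaves your own network.
# The regexes are deliberately simple and line-oriented.

lint_compose() {
    # Prints one WARN line per finding category for the compose file in $1.
    f="$1"
    # 1. ":latest" or no tag silently changes the WordPress version between runs.
    grep -Eq '^[[:space:]]*image:[[:space:]]*[^:[:space:]]+(:latest)?[[:space:]]*$' "$f" &&
        echo "WARN image: unpinned tag; pin a version (e.g. wordpress:6.4, mysql:8.0)"
    # 2. "80:80" without a host address publishes the port on every interface.
    grep -Eq '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' "$f" &&
        echo "WARN ports: published on 0.0.0.0; bind to 127.0.0.1 or the lab NIC"
    # 3. A literal after *_PASSWORD: keeps the DB credential in the file; the
    #    official wordpress and mysql images also accept *_PASSWORD_FILE.
    grep -Eq '^[[:space:]]*[A-Z_]*PASSWORD:[[:space:]]*[^$[:space:]]' "$f" &&
        echo "WARN environment: plaintext password; use *_PASSWORD_FILE or env_file"
    return 0
}

# Constructed sample: the post's compose file, abridged to the relevant lines.
write_post_compose() {
    cat > "$1" <<'EOF'
services:
  wordpress:
    image: wordpress:latest
    ports:
      - "80:80"
    environment:
      WORDPRESS_DB_PASSWORD: my_wordpress_db_password
  db:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: my_db_root_password
EOF
}

# Constructed sample: the wordpress service with all three findings addressed
# (the pinned tag and the secrets path are illustrative placeholders).
write_hardened_compose() {
    cat > "$1" <<'EOF'
services:
  wordpress:
    image: wordpress:6.4
    ports:
      - "127.0.0.1:80:80"
    environment:
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
EOF
}
```

Run lint_compose against your own docker-compose.yml and address each WARN before exposing the lab to other hosts.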
Summary
In this blog, we have covered WordPress plugins, key files, different user roles, and more. Additionally, we have set up the lab environment for exploitation in upcoming blogs. In the next part, we will continue with passive and active enumeration, as well as exploitation techniques for WordPress websites. Please comment below if you have any questions; Part 2 will be coming out soon.
Goodbye Guys!!! We’ll see you in the next blog.
Connect With R00tKid on Social Media
GitHub: @im-rootkid
Twitter: @im_rootkid
Instagram: @im_rootkid
LinkedIn: @im-rootkid
Thank You For Reading…….
Happy Hacking !!!