WORDPRESS Hacking Workshop

Download

File
WPHandSM

Please login or Register to access downloadables

Download

Hacking started as a prank in MIT and grew into a different thing. Earlier hacking was a way to showcase your ninja skills. Nowadays, it has grown to an easy and illegal money making method. Hackers use hacked websites, databases for spamming purposes, selling user information like social security numbers, credit card details and other stuff in underground markets and private forums. Moreover, hacking is done to show-off or as a part of cyber war between different countries.

This e-book contains text materials from the course.

Module 1

- Tutorial 1: WordPress Fingerprinting

- So let’s get started
  - - Method 1: The meta tag
  - - Method 2: Silly Little mistakes
  - - Method 3: Tools
      - a) WpScan
      - b) whatweb

- Tutorial 2: Basics of most Popular Attacks
  - - Index Browsing
  - - Login Details
      - Simple/Traditional Brute Force
      - Dictionary Attack

- Vulnerable Plugins

- Tutorial 3
  - - How WpScan Work

Module 2 Coding Facts (Theme Backdooring and plug-in Vulnerability)

- Tutorial 1: Eight Mistakes Developers Mostly Make
  - - Use of Unsecure Hosting
  - - Forget to Update WordPress Version, Theme OR Plug-in
  - - Use “admin:admin” as Username:Password
  - - Use of Simple Password
  - - Use of Free Themes
  - - Forget to Change Default Table Prefix
  - - Unsecure Coding
  - - Using the Default Permalink Structure

- Tutorial 2: How is WordPress Theme backdoored?
  - - WHAT IS a BACKDOOR?
  - - RECOMMENDATIONS

- Tutorial 3: Hack the ackable (Making the Service Unavailable)
  - - DDOS (Distributed Denial of Service)

Module 3

- Tutorial 1

- List of Top WordPress Malware Infections
  - - Top WordPress Malware Infections

- Tutorial 2
  - - How to Detect and Clean Malware from WordPress Websites
  - - Identifying Badware Behavior
  - - Removing Badware Behavior
  - - Removing Google Blacklisting

- Tutorial 3 How to Protect Your Website from Malware Infections
  - - Reset Your Password(s)
  - - Update Everything
  - - Remove Any Unused and Outdated Items
  - - Get Rid of Common WordPress Elements
  - - Limit the Access
  - - Set Up Alerting and Monitoring
  - - Register with Google Webmaster Tools
  - - Monitor the Changed Files
  - - Update WP-Config Security Salts
  - - Install and Configure a Security Plug-in
  - - Set Up and Test a Back-up Solution

Module 4 WordPress Security

- Tutorial 1 Understanding wp-config.php/.htaccess/robots.txt
  - - WordPress Security With wp-config.php
  - - WordPress Security Via .htaccess
  - - WordPress Security via robots.txt
  - - Secure Your Website from Website Copier Tools
  - - Robots.txt Used in another Way for WordPress Security

- Tutorial 2
  - - Sucuri Security – SiteCheck Malware Scanner
  - - Wordfence
  - - Acunetix WP Security Scan
  - - BulletProof Security
  - - All-In-One WordPress Security and Firewall Plug-in

- Tutorial 3 Implementing the Security Plug-in
  - - How to Install WordPress on localhost
  - - Malicious File Located via Plug-ins

Download

File
WPHandSM

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

This e-book contains text materials from the course.

Module 1

Tutorial 1: WordPress Fingerprinting

So let’s get started

Method 1: The meta tag

Method 2: Silly Little mistakes

Method 3: Tools

a) WpScan

b) whatweb

Tutorial 2: Basics of most Popular Attacks

Index Browsing

Login Details

Simple/Traditional Brute Force

Dictionary Attack

Vulnerable Plugins

Tutorial 3

How WpScan Work

Module 2 Coding Facts (Theme Backdooring and plug-in Vulnerability)

Tutorial 1: Eight Mistakes Developers Mostly Make

Use of Unsecure Hosting

Forget to Update WordPress Version, Theme OR Plug-in

Use “admin:admin” as Username:Password

Use of Simple Password

Use of Free Themes

Forget to Change Default Table Prefix

Unsecure Coding

Using the Default Permalink Structure

Tutorial 2: How is WordPress Theme backdoored?

WHAT IS a BACKDOOR?

RECOMMENDATIONS

Tutorial 3: Hack the ackable (Making the Service Unavailable)

DDOS (Distributed Denial of Service)

Module 3

Tutorial 1

List of Top WordPress Malware Infections

Top WordPress Malware Infections

Tutorial 2

How to Detect and Clean Malware from WordPress Websites

Identifying Badware Behavior

Removing Badware Behavior

Removing Google Blacklisting

Tutorial 3 How to Protect Your Website from Malware Infections

Reset Your Password(s)

Update Everything

Remove Any Unused and Outdated Items

Get Rid of Common WordPress Elements

Limit the Access

Set Up Alerting and Monitoring

Register with Google Webmaster Tools

Monitor the Changed Files

Update WP-Config Security Salts

Install and Configure a Security Plug-in

Set Up and Test a Back-up Solution

Module 4 WordPress Security

Tutorial 1 Understanding wp-config.php/.htaccess/robots.txt

WordPress Security With wp-config.php

WordPress Security Via .htaccess

WordPress Security via robots.txt

Secure Your Website from Website Copier Tools

Robots.txt Used in another Way for WordPress Security

Tutorial 2

Sucuri Security – SiteCheck Malware Scanner

Wordfence

Acunetix WP Security Scan

BulletProof Security

All-In-One WordPress Security and Firewall Plug-in

Tutorial 3 Implementing the Security Plug-in

How to Install WordPress on localhost

Malicious File Located via Plug-ins

Thank you!

https://hakin9.org/wp-content/uploads/2023/06/hakin9_logo.svg

Download Free eBook