• Resolved alcat

    (@alcat)


    Having just watched the Wordfence video on how badly a site can actually get hacked and what access hackers can gain from a simple Base 64 script referencing links to code elsewhere, we are wanting to beef up our security and response to vulnerable sites.

    If a site has been hacked, our process to date has been to completely re-install all WP files on the server. We simply delete everything aside from content files that we know we will need later. We reinstall the WP files, new theme files and plugins. Our theory to date is that it’s just so much quicker to repair an infected site by starting afresh rather than going on a file-to-file hunt to try and figure out what is or what is not infected.

    Now that we have watched that video though, our process will change to include the renaming of the database, new database user, new database pass.

    Technically, the only item that would remain from the old site that could possibly harbour an infection from here would be the database itself. Obviously, the logical thing to check would be what users are in the database. So we would then also need to change our admin user and passwords and make sure nobody else is there.

    My question, though, is that if we followed this cleanup process – is there any risk of a further problem from the database itself? Say the database is compromised with something in a table, would a hacker be able to use that again after the cleanup process has been actioned as described above?

    https://www.ads-software.com/plugins/wordfence/

  • Plugin Author WFMattR

    (@wfmattr)

    Hi,

    It is theoretically possible to leave some code in a WP database that would survive this type of reinstallation, but most of it would depend on what is stored in the database by your plugins and theme. Most wouldn’t run any PHP code from the database, but there are a few plugins that could, and some might store some JavaScript code in the database that could run in another user’s browser. In WordPress itself, if the attacker modified posts/pages to include JavaScript code, that code could run when a logged-in admin views the page. I don’t know of any current attacks that are intended to work this way, but it’s possible ordinary XSS attacks that modify content could linger on posts/pages.

    -Matt R
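
The database review discussed in this thread, as an added example that is not part of the original posts and is not Wordfence code: it flags script or PHP-eval content stored in posts and options, and lists accounts holding the administrator role. Assumptions: the default `wp_` table prefix, an in-memory SQLite copy standing in for the site's MySQL database, constructed sample rows (including the hypothetical option name), and a heuristic pattern list that is not exhaustive.

```python
import re
import sqlite3

# Heuristic patterns that merit a manual look; not an exhaustive malware signature set.
SUSPICIOUS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "iframe_tag": re.compile(r"<iframe\b", re.I),
    "inline_handler": re.compile(r"\bon(?:error|load|click|mouseover)\s*=", re.I),
    "php_eval_or_b64": re.compile(r"\b(?:eval|base64_decode)\s*\(", re.I),
}
# (table, key column, text column) to review; assumes the default wp_ table prefix.
TARGETS = [("wp_posts", "ID", "post_content"), ("wp_options", "option_name", "option_value")]

def scan_content(conn):
    """Return sorted (table, key, pattern) tuples for stored values that match."""
    hits = []
    for table, key_col, text_col in TARGETS:
        for key, text in conn.execute(f"SELECT {key_col}, {text_col} FROM {table}"):
            hits += [(table, str(key), n) for n, rx in SUSPICIOUS.items() if rx.search(text or "")]
    return sorted(hits)

def list_admins(conn):
    """Return logins whose wp_capabilities usermeta grants the administrator role."""
    sql = ("SELECT u.user_login FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID "
           "WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%\"administrator\"%' "
           "ORDER BY u.user_login")
    return [row[0] for row in conn.execute(sql)]

def build_sample_db():
    """Constructed rows standing in for a restored copy of the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_posts (ID INTEGER, post_content TEXT);
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);""")
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?)", [
        (1, "<p>Welcome to our site.</p>"),
        (2, '<p>News</p><script src="//cdn.example.invalid/x.js"></script>')])
    conn.executemany("INSERT INTO wp_options VALUES (?, ?)", [
        ("blogname", "Example Site"),
        ("hypothetical_plugin_snippet", "eval(base64_decode('Y29uc3RydWN0ZWQ='));")])
    conn.executemany("INSERT INTO wp_users VALUES (?, ?)",
                     [(1, "siteadmin"), (2, "editor1"), (3, "wp_support")])
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?)", [
        (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
        (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}')])
    return conn
```

Calling `scan_content(build_sample_db())` and `list_admins(build_sample_db())` shows the flagged rows and the administrator logins to compare against the accounts you expect. A match is a prompt for manual review, since legitimate embeds and plugin settings can also contain these strings.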

  • The topic ‘Can hackers leave access from within database?’ is closed to new replies.