Side Effects of Malware on a Server
The WordPress content management system (CMS) powers over 30% of the world’s websites and ⅓ of the top 10 million sites on the web. Because of its popularity, WordPress is also one of the most targeted sites and the most commonly used software installed by small site owners. Malware authors create malicious code to specifically target WordPress, and scripts are freely available to anyone who wants to scan WordPress sites for vulnerabilities. This makes unmanaged and outdated WordPress sites highly vulnerable and the perfect target for attackers.
Exploit methods are dependent on the attack, but once an attacker compromises a site, any number of results can go unnoticed. Infecting a site with malware such as ransomware is immediately noticeable. But many attackers use hacked WordPress sites to add hidden content or implement conditional redirects. They do this by gaining access to the database or edit files such as the .htaccess file when they aren’t properly secured. With hidden content, the attacker might inject links into the database so that every article returned to the browser includes links to malicious sites. The reader doesn’t see the links, but search engines parse them after crawling site pages to detect content. Google refers to this content as “cloaked content,” and it can result in manual action and potential blacklisting from their search index.
The WordPress CMS is a target for several attacks, but the aftermath for a site owner can be devastating to the business.
- Blacklisting & removal from search engine indexes. If search engines detect that malware or malicious content is hosted on the site, it can be blacklisted and removed from search engine indexes. After a site is removed from the index, organic search traffic is cut to a fraction of what it was before. For a site that relies heavily on search traffic, this can cripple the business.
- Malware often breaks sites, and the broken pages aren’t always immediately noticeable by the site owner. These pages could also break when crawled by search engine bots, which hurts ranking. If the site owner does not have monitoring set up to detect server errors, then these broken pages could go unnoticed for weeks.
- If an attacker can inject malicious content, a site required to adhere to compliance could also face hefty fines for violations. As users determine that the site hosts phishing, it could be reported to regulatory bodies. The site owner eventually learns of these issues from their own reports, but it could be too late before fines are assessed.
- Any attack that works with requests or server resources will affect performance as more resources (e.g., CPU, memory, etc) are used to handle additional requests and processing. Because shared hosting involves several sites on one server, this effect could also cause performance issues on other customer sites.