WordPress remains a popular target for attackers in the ever-evolving landscape of cybersecurity. Given its widespread use, understanding the vulnerabilities associated with WordPress is beneficial and essential for anyone responsible for maintaining such websites. One of the key techniques attackers use to gather information about a WordPress site is “fingerprinting.” Fingerprinting allows attackers to identify the WordPress version, active plugins, themes, and user information. Armed with this data, they can tailor their attacks more effectively. In this comprehensive guide, we will delve into the various fingerprinting techniques that attackers use and how you can defend against them.
Identifying WordPress Sites
Simple Discovery (RSD)
Attackers often start by confirming if a target website is running on WordPress. One straightforward method is through Really Simple Discovery (RSD), an XML format that exposes services provided by a blog or web software. By viewing the source code of a website’s homepage, attackers can find the RSD link pointing to the XML-RPC endpoint on the website. This XML file contains information about the website’s API and services available for external applications.
Countermeasure:
To mitigate this, you can disable XML-RPC if your website doesn’t require it. This can be done through various security plugins or by adding specific code snippets to your website’s .htaccess file.
Determining WordPress Version
WordPress often broadcasts its version number in various locations, including generator tags in the HTML source code and RSS feeds. These are easily accessible and provide attackers with valuable information.
Countermeasure
You can remove the version number by adding a few lines of code to your theme’s functions.php file. This will prevent WordPress from displaying the version number in the generator meta tag and RSS feeds.
Uncovering Themes and Plugins
Attackers can easily find your website’s theme by looking for the /wp-content/themes// in the source code. The style.css file within this directory often contains header comments that reveal the theme’s name and version.
Similarly, plugins often have readme.txt files that contain metadata, including the version number. Attackers can find these by looking for /wp-content/plugins// in the source code.
Countermeasure
You can use security plugins that obscure or remove the version numbers of themes and plugins. Additionally, regularly updating your themes and plugins can protect you from known vulnerabilities.
User Enumeration
Author Archives and WP-JSON API
Attackers can enumerate users by requesting/wp-json/wp/v2/users/1, incrementing the user ID to get a list of users. Another method involves requesting/?author=1 and incrementing the number to enumerate all active users.
Countermeasure
To prevent user enumeration through these methods, you can use security plugins that block such requests or add rules to your .htaccess file.
Advanced Fingerprinting Techniques
MD5 Checksums
Some advanced fingerprinting techniques involve calculating the MD5 checksum of static contents like CSS and JavaScript files. Tools like WPScan use this method to guess the WordPress version when it’s not explicitly mentioned.
Countermeasure
While it’s challenging to counteract this method directly, keeping your WordPress version up-to-date can protect you against known vulnerabilities that attackers might exploit.
Social Engineering Attacks
Beyond technical fingerprinting, attackers may also resort to social engineering tactics. They might use the information gathered through fingerprinting to craft convincing phishing emails or messages.
Countermeasure
Educate your team and users about the dangers of phishing attacks and how to recognise them. Use multi-factor authentication to add an extra layer of security.
Conclusion
Understanding attackers’ fingerprinting techniques can significantly bolster your WordPress site’s security. Taking proactive measures such as disabling unnecessary features, removing version numbers, and educating your users can make it considerably more challenging for attackers to gain the information they need to execute an attack.
At Elementrica, we specialise in various offensive security services, including Web Application Penetration Testing, API Security, and more. Our team of experts follows the best industry practices outlined in the OWASP Testing Guide, Penetration Testing Execution Standard, and NIST SP 800-115 to deliver a comprehensive testing approach.
Stay vigilant, stay secure.
