Google is a gigantic worldwide database. Finding a vulnerable WordPress website in a few seconds can be as simple as a Google search.
Disclaimer
As usual with ethical hacking in general and depending on your country, using Google dorks to find vulnerable websites can lead to lawsuits!
On no account should you use Google dorks to download logs, databases, and other resources you are not supposed to access, even in a white hat perspective or for test purposes.
I know that’s lame, and most people do it with the best intentions, but remember that it can be illegal, and don’t believe all vulnerable companies and organizations will treat you well if they know you have access to their credentials.
Google dorks in short
It’s called Google dorking, and it consists of advanced Google search queries that combine specific keywords and search operators to find sensitive information and security breaches.
For example, if you want websites that use the WooCommerce plugin, you may google the following:
It’s pretty helpful when known vulnerabilities are revealed for specific plugins.
Read my logs 😓
You’ll see WordPress websites that have logs enabled in production in a publicly accessible directory!
Please, download my SQL dumps 😱
You can even find SQL dumps with Google Dorks. Of course, not all WordPress installations have such a big security hole, but it happens:
Once you have the database, you can do pretty much everything you want, including recovering user passwords by cracking the MD5 password hashes.
Note that it can be slightly more subtle:

```
filetype:tar.gz site:mywebsite.com
filetype:sql site:mywebsite.com
```

The above dork queries look for publicly accessible backup files on mywebsite.com. If you accidentally saved a backup in a public directory and forgot to remove it, that can turn nasty.
A database for Google dorks 🤘🏻
Instead of listing all kinds of Google dorks here, I prefer you go to exploit-db.com and see for yourself. Just type “wordpress” in the search form, and you’ll get tons of Google dorks!
How to fix it ⚡️
Test your website
Run dork queries against your own website (for example, the filetype: queries above scoped with site:yourdomain.com), and you’ll see whether something is wrong.
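As an added example that is not part of the original post, the same check done without waiting for Google to index the problem: a small self-check script that requests the kinds of paths the dorks above find (a browsable wp-content directory, a public debug log, SQL and tar.gz backups, an .env file) on a site you own and reports which ones are exposed. The path list, detection patterns and function names are assumptions; extend them for your own install.

```python
"""Self-check for the exposures this post describes. Run it only against a
site you own. Hypothetical helper, not from the post or from WordPress."""
import re
from urllib.request import Request, urlopen
from urllib.error import HTTPError, URLError

# Paths to probe and what an exposed response would look like (assumed list).
CHECKS = {
    "wp-content/": "directory listing",
    "wp-content/uploads/": "directory listing",
    "wp-content/debug.log": "debug log",
    "backup.sql": "sql dump",
    "backup.tar.gz": "archive backup",
    ".env": "env file",
}
LISTING_RE = re.compile(r"<title>Index of /|Parent Directory", re.I)
SQL_RE = re.compile(r"^\s*(CREATE TABLE|INSERT INTO|-- MySQL dump)", re.I | re.M)
ENV_RE = re.compile(r"^[A-Z_]+=", re.M)
PHP_LOG_MARKERS = ("PHP Notice", "PHP Warning", "PHP Fatal")

def classify(path, status, body):
    """Return a finding label for one response, or None if nothing is exposed."""
    if status != 200:
        return None
    kind = CHECKS[path]
    if kind == "directory listing" and LISTING_RE.search(body):
        return "directory browsing enabled at " + path
    if kind == "debug log" and any(m in body for m in PHP_LOG_MARKERS):
        return "public debug log at " + path
    if kind == "sql dump" and SQL_RE.search(body):
        return "SQL dump exposed at " + path
    if kind == "archive backup" and body[:2] == "\x1f\x8b":  # gzip magic bytes
        return "backup archive exposed at " + path
    if kind == "env file" and ENV_RE.search(body):
        return ".env file exposed at " + path
    return None

def http_fetch(url):
    """Fetch url; return (status, first 4 KiB of the body decoded as latin-1)."""
    try:
        with urlopen(Request(url, headers={"User-Agent": "self-check"}), timeout=10) as r:
            return r.status, r.read(4096).decode("latin-1")
    except HTTPError as e:
        return e.code, ""
    except URLError:
        return 0, ""

def scan(base_url, fetch=http_fetch):
    """Probe every path in CHECKS under base_url and return the findings."""
    findings = []
    for path in CHECKS:
        status, body = fetch(base_url.rstrip("/") + "/" + path)
        label = classify(path, status, body)
        if label:
            findings.append(label)
    return findings
```

`fetch` is injectable so the logic can be exercised against canned responses before pointing it at a live host; an empty list means none of the probed paths answered with exposed content.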
Request removal
You can request removal with the Removals Tool, which enables you to temporarily block pages from Google Search results on sites that you own.
Disable directory browsing
Most of the time, those websites are misconfigured so that you can browse the wp-content directory. Any website should disable directory browsing with, for example, this line in the
Forget the robots.txt file
The robots.txt file is meant for search engines, but it’s publicly accessible, so it’s easy for hackers to use this file to discover directories and files.
You might end up giving them sensitive information!
Disable logs and debugging
The production environment is not meant for logging errors and debugging. You can add the following code in your
```php
// Stop errors from being displayed to visitors, while still reporting them internally
ini_set('display_errors', 'Off');
ini_set('error_reporting', E_ALL);
// Turn off WordPress debug mode and on-page debug output
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);
```
Install a security plugin
Most security plugins make your installation safer by applying the quick fixes we just saw for you, protecting sensitive directories, and scanning your website regularly.
Wrap up
Fortunately, many web hosting providers have robust default configurations and pre-built CMS integrations to prevent harmful situations.
However, Google dorks for WordPress are still a common concern in 2021. You’d be surprised how many .env files and credentials you can access with a simple search.