Google dorks for WordPress

Google is a gigantic world wild database. Finding a vulnerable WordPress website in a few seconds can be as simple as a Google search.

Disclaimer

As usual with ethical hacking in general and depending on your country, using Google dorks to find vulnerable websites can lead to lawsuits!

On no account should you use Google dorks to download logs, databases, and other resources you are not supposed to access, even in a white hat perspective or for test purposes.

I know that’s lame, and most people do it with the best intentions, but remember that can be illegal, and don’t believe all vulnerable companies and organizations will treat you well if they know you have access to their credentials.

Google dorks in short

It’s called Google dorking and it consists of advanced Google search queries with unique keywords and operators to find sensitive information and security breaches.

For example, if you want websites that use the Woocommerce plugin, you may google the following:

inurl:"/wp-content/plugins/woocommerce"

It’s pretty helpful when known vulnerabilities are revealed for specific plugins.

Read my logs 😓

Google this:

inurl:wp-content/debug.log 

You’ll see WordPress websites that have logs enabled in production in a publically accessible directory!

Please, download my SQL dumps 😱

You can even find SQL dumps with Google Dorks. Of course, not all WordPress installations have such a big security hole, but it happens:

filetype:sql intext:wp_users

Once you have the database, you do pretty much everything you want, including finding user passwords by decrypting MD5 strings.

Note that it can be slightly more subtle:

filetype:tar.gz site:mywebsite.com
filetype:sql site:mywebsite.com

The above dork query looks for publically accessible backup files in mywebsite.com. If you accidentally saved a backup in a public directory and forgot to remove it, that can turn nasty.

A database for Google dorks 🤘🏻

Instead of listing all kinds of Google dorks here, I prefer you go to exploit-db.com to see it by yourself. Just type “wordpress” in the search form, and you’ll get tones of Google dorks!

How to fix it ⚡️

Test your website

Run dork queries against your website, and you’ll see if there’s something wrong.

Request removal

You can request removal with the Removals Tool, which enables you to temporarily block pages from Google Search results on sites that you own.

Source: Google support

Disable directory browsing

Most of the time, those websites are misconfigured so that you can browse the wp-content directory. Any website should disable directory browsing with, for example, this line in the .htaccess file:

Options -Indexes

Forget the robots.txt file

While the robots.txt file is meant for search engines, it’s publically accessible, so it’s easy for hackers to use this file to discover directories and files.

You might end up giving them sensitive information!

Disable logs and debugging

The production environment is not meant for logging errors and debugging. You can add the following code in your wp-config.php:

ini_set('display_errors','Off');
ini_set('error_reporting', E_ALL );
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);

Install a security plugin

Most security plugins ensure your installation is safer, making all the quick fixes we just saw for you, protecting sensitive directories, and scanning your website regularly.

Wrap up

Fortunately, many web hosting providers have robust default configurations and pre-built CMS integrations to prevent harmful situations.

However, Google dorks for WordPress are still a common concern in 2021. You’d be surprised how many .env files and credentials you can access with a simple search.