Google is a gigantic world wild database. Finding a vulnerable WordPress website in a few seconds can be as simple as a Google search.
As usual with ethical hacking in general and depending on your country, using Google dorks to find vulnerable websites can lead to lawsuits!
On no account should you use Google dorks to download logs, databases, and other resources you are not supposed to access, even in a white hat perspective or for test purposes.
I know that’s lame, and most people do it with the best intentions, but remember that can be illegal, and don’t believe all vulnerable companies and organizations will treat you well if they know you have access to their credentials.
It’s called Google dorking and it consists of advanced Google search queries with unique keywords and operators to find sensitive information and security breaches.
For example, if you want websites that use the Woocommerce plugin, you may google the following:
It’s pretty helpful when known vulnerabilities are revealed for specific plugins.
You’ll see WordPress websites that have logs enabled in production in a publically accessible directory!
You can even find SQL dumps with Google Dorks. Of course, not all WordPress installations have such a big security hole, but it happens:
Once you have the database, you do pretty much everything you want, including finding user passwords by decrypting MD5 strings.
Note that it can be slightly more subtle:
filetype:tar.gz site:mywebsite.com filetype:sql site:mywebsite.com
The above dork query looks for publically accessible backup files in mywebsite.com. If you accidentally saved a backup in a public directory and forgot to remove it, that can turn nasty.
Instead of listing all kinds of Google dorks here, I prefer you go to exploit-db.com to see it by yourself. Just type “wordpress” in the search form, and you’ll get tones of Google dorks!
Run dork queries against your website, and you’ll see if there’s something wrong.
You can request removal with the Removals Tool, which enables you to temporarily block pages from Google Search results on sites that you own.
Most of the time, those websites are misconfigured so that you can browse the
wp-content directory. Any website should disable directory browsing with, for example, this line in the
robots.txt file is meant for search engines, it’s publically accessible, so it’s easy for hackers to use this file to discover directories and files.
You might end up giving them sensitive information!
The production environment is not meant for logging errors and debugging. You can add the following code in your
ini_set('display_errors','Off'); ini_set('error_reporting', E_ALL ); define('WP_DEBUG', false); define('WP_DEBUG_DISPLAY', false);
Most security plugins ensure your installation is safer, making all the quick fixes we just saw for you, protecting sensitive directories, and scanning your website regularly.
Fortunately, many web hosting providers have robust default configurations and pre-built CMS integrations to prevent harmful situations.
However, Google dorks for WordPress are still a common concern in 2021. You’d be surprised how many
.env files and credentials you can access with a simple search.