You must have heard about the social.png hack or crypto PHP hack. What is this hack exactly? Well, the hacker has this file called social.png and it looks like an image file but is actually an executable PHP code. They get access to your website because your website contains that file. Now the question is how do they get that file in the first place?
social.png file hacks
What hackers do is they will steal, buy or download paid plugins and themes. They will edit them to include the social.png file and then they will upload them to a website where those paid plugins are offered for free download. So let’s say, someone needs a plugin but they don’t wanna pay the developer for it. They find a version for free online often called nulled or cracked plugins and the download them for free. They work completely as they should. What users possibly do is have the social.png file on their website which can potentially cause more damage to their site then it would have cost them to pay for the plugin or a theme in the first place.
So it’s a trade-off people don’t know this hack exists. So when their site is hacked they don’t really think that it must have been that paid plugin they downloaded from that sketchy website. They don’t make that connection so people don’t really know that this is what caused the problem.
Now you know that it’s these nulled or cracked plugins that often cause this problem. So what exactly is vulnerable about the social.png hacks or the social.png files uploaded?
Essentially when their files are on your server the hacker can:
- Upload malicious files to server whenever they want
- They can also update that social.png file at any time to add new features to their hack
So the hacker might upload the file so that they can use your site as an email server or update a plugin to add new features to turn it into an adult site.
So what is it that you can do to protect your website?
First, don’t install stolen or nulled plugins or themes that normally cost money because that is really the number one way that the social.png file gets on your website and we it’s tempting to download a free version of a plugin or theme that costs ninety dollars. The reality is you may pay far more to fix the damage it can cause. Other than social.png file a more prominent threat to your WordPress site is cross site scripting or XSS attacks
. This is currently the number one attack that thousands of websites face every single day. You just need to know what to do and commit to doing it!
Christine writes for people who seek for knowledge about SEO, blogging, online marketing, gadgets and web apps.
Latest posts by Christine (see all)