Comments can lead to hacking

This is something many people don't know. Hackers use various methods to hack websites, and comment-based hacking is one of them. In this method they comment on your blog, and the comments seem so genuine that we approve them. What many of us don't know is that comments in WordPress are HTML-enabled, which means hackers can embed various malicious scripts in the comment text; these scripts are not visible to a normal user, but they are there. Because comments are stored in the database, it is very easy for the hacker to access your private data. The moment you approve such comments, the embedded scripts start their work. The hacker can execute those scripts by using some MySQL queries. This helps the hacker intrude into the admin area easily.


But the question arises: how do you identify such comments?

Now I'm going to give you a few identification tips that will help you easily identify such comments:

  1. Links within the comments.
  2. Comments from unknown users.
  3. Comments from unknown email address.
  4. Comments from unknown IP address. Trace the location of the IP address by clicking on this link.
  5. Comments which seem genuine but smell like a rat. Be alert with such comments.

What types of issues can such comments create once they are approved, i.e. once they are executed?
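
A reviewer can check a pending comment's raw text for the links and hidden markup described above before approving it. The following Python sketch is an added example, not code from this post or from WordPress; the tag list, the `scan_comment` name and the sample comments are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that have no place in a blog comment (assumed policy; adjust as needed).
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "form", "meta", "link", "style", "svg"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class CommentScanner(HTMLParser):
    """Collects reasons why a pending comment deserves a closer look."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases names and decodes entities in attribute values,
        # so "&#106;avascript:" is seen here as "javascript:".
        if tag in ACTIVE_TAGS:
            self.findings.append(f"active tag <{tag}>")
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS:
                # Drop embedded whitespace before reading the scheme.
                scheme = urlparse("".join(value.split())).scheme.lower()
                if scheme in ("javascript", "data", "vbscript"):
                    self.findings.append(f"{scheme}: URL in {name}")
                elif scheme in ("http", "https"):
                    self.findings.append(f"link to {urlparse(value).hostname}")
            elif name == "style" and "display:none" in value.replace(" ", "").lower():
                self.findings.append(f"hidden <{tag}>")


def scan_comment(raw):
    """Return a list of findings for one raw comment body (empty list = nothing flagged)."""
    scanner = CommentScanner()
    scanner.feed(raw)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    # Constructed sample comments, not real data.
    samples = [
        "Great post, thanks for sharing!",
        'Nice article! <script src="https://cdn.example.test/x.js"></script>',
        '<div style="display: none"><a href="http://spam.example.test/">x</a></div>',
    ]
    for body in samples:
        print(scan_comment(body) or "clean", "<-", body)
```

An empty result only means no markup was flagged; the other tips in the list still apply.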

  1. internal errors
  2. database connectivity error
  3. unable to access your login
  4. automatic plugin removal
  5. malfunctioning of themes as well as website
  6. increase in loading time

How to prevent such comments from being posted

  1. Always take the above mentioned precautions before you approve any comment
  2. Users must be registered before they can comment
  3. Disable auto approve option from the settings
  4. Use CAPTCHA plugin from bestwebsoft.com
  5. Never approve untrusted users
  6. Don't make anyone admin of your blog



If you follow the above-mentioned points carefully and apply them to your blog as well as to yourself, this will help you increase your website's security.


JavaScript, ASP.Net & PHP Web Developer. Connect with me on Facebook and Twitter.


Powered by Paras Babbar · Designed by Paras Babbar