Hackers Use Google Tool to Find Exploitable WP Themes

Did you know that hackers find vulnerable sites by using something called a “Google Dork”?
Info courtesy: Mark Maunder, Wordfence Creator & Feedjit Inc. CEO.


It’s a crafted search that exposes websites running a vulnerable theme, plugin or application in the Google search results. A recent example of this is the Ghost theme vulnerability below. In the exploit that has been published online, hackers include a Google Dork to find websites running this theme. In the case of Ghost, hackers use the following crafted search to find vulnerable sites:

inurl:wp-content/themes/Ghost/

the Ghost commercial theme and another in WP-Mailinglist. Both exploit the Uploadify library which is included with these products and use it to upload malicious scripts or data to websites.

We’ve seen exploits for several years now that take advantage of various upload libraries. Configured correctly, upload libraries can be a useful tool. The problem is that some plugins and themes include these libraries by default, even if a site owner has no intention of uploading files to their site.

So in this alert we’re recommending that you do an audit of your site, in particular your active WordPress theme, and check if any upload library or functionality exists in your theme.

Theme authors seem to put upload libraries in subdirectories titled ‘includes/’, ‘libs/’, ‘vendors/’ and so on. For example the Ghost theme puts Uploadify in “includes/uploadify” and the WP-Mailinglist plugin puts it in a subdirectory of the plugin called “vendors/uploadify”.

We recommend that you use cPanel’s File Manager, your FTP client or whatever utility your host has provided to browse your website’s directory structure, go through your active theme’s subdirectories and check whether anything looks like an upload library. You can find your active theme’s files in wp-content/themes/your-theme-name/

Upload libraries include “SWFUpload”, “HTTP_Upload”, “class.upload.php”, “Uploadify” and “jQuery-file-upload”. If you find anything that looks like an upload library and you never upload files to your website, drop the theme maker a polite email and ask them how to disable upload functionality completely to help secure your site.

Be careful not to simply delete the upload library: doing so may break your theme if other files in the theme depend on the library and suddenly can no longer find it.
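The audit described above can also be scripted if you have a local copy of your site's files. The following is an added example, not code from Wordfence or from the original alert: it walks a themes (or plugins) directory and reports every file or directory whose name matches one of the upload libraries listed above. The separator variants in the patterns and the sample file names are assumptions, and a match is only a lead to review with the theme author, not something to delete.

```python
import os
import re
import tempfile

# Library names from the article, matched case-insensitively against file and
# directory names. Optional separators are an assumption about naming variants.
UPLOAD_LIBS = {
    "SWFUpload": re.compile(r"swfupload", re.I),
    "HTTP_Upload": re.compile(r"http[_-]?upload", re.I),
    "class.upload.php": re.compile(r"class\.upload\.php", re.I),
    "Uploadify": re.compile(r"uploadify", re.I),
    "jQuery-file-upload": re.compile(r"jquery[._-]?file[._-]?upload", re.I),
}

def match_lib(name):
    """Return the library a file or directory name points to, or None."""
    for lib, pattern in UPLOAD_LIBS.items():
        if pattern.search(name):
            return lib
    return None

def find_upload_libs(root):
    """Return sorted (library, path relative to root) pairs found under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in list(dirnames):
            lib = match_lib(name)
            if lib:
                hits.append((lib, os.path.relpath(os.path.join(dirpath, name), root)))
                dirnames.remove(name)  # report the directory once, skip its contents
        for name in filenames:
            lib = match_lib(name)
            if lib:
                hits.append((lib, os.path.relpath(os.path.join(dirpath, name), root)))
    return sorted((lib, path.replace(os.sep, "/")) for lib, path in hits)

def make_sample(base):
    """Build a constructed wp-content tree; file names are illustrative only."""
    for rel in ("themes/Ghost/includes/uploadify/uploadify.php",
                "themes/Ghost/style.css",
                "themes/plain/libs/class.upload.php",
                "themes/clean/style.css"):
        path = os.path.join(base, "wp-content", *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return os.path.join(base, "wp-content", "themes")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for lib, path in find_upload_libs(make_sample(tmp)):
            print(f"{lib}: {path}")
```

To audit a real site, call find_upload_libs() on your own wp-content/themes/your-theme-name/ directory instead of the constructed sample tree.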