
Privilege Escalation

What is privilege escalation?

Privilege escalation is a process through which an unauthorized user gains access to resources restricted to a specific group of people, such as data that is restricted to users with specific WordPress user roles. In privilege escalation, an attacker first gains access to a low-level account and then escalates privileges to reach an administrator-level account, which allows for a wider range of resource access.

How does privilege escalation work?

Privilege escalation works vertically (moving up to a more privileged account) or horizontally (moving across to another account with the same level of privilege). Either way, the attacker must first exploit a vulnerability or a misconfiguration that gives them initial access. Once initial access is established, the attacker will look to escalate privileges so that they can widen the attack or reach restricted data and information. At the very top sits root access, which gives the attacker complete control over the system or systems the root account presides over.

Privilege escalation works because lower-tier accounts may not be as protected as upper-tier accounts, making them easier targets. If the principle of least privilege is not implemented, the attacker may not need to seek privilege escalation since the account may provide them with the privileges they need to carry out the intended attack.

In a WordPress environment, initial access may be acquired at the WordPress, web server, or operating system level. Once initial access is acquired, the attacker will try to gain further privileges that grant access to more resources.

Why are privilege escalations dangerous?

Privilege escalation is dangerous as it ultimately can lead to full access to the systems being attacked. Once full access is achieved, the attacker can initiate further attacks including infiltrating other systems and stealing data.

How privilege escalations target WordPress websites

In most cases, an attacker carries out a privilege escalation attack by gaining access to a basic user account, for example a user with the Subscriber role. Since such accounts are typically not as protected as higher-level accounts, attackers may find it easier to gain access.

Once this has been completed, the attacker will look for ways to escalate their privileges and gain access to a user with the Administrator role. While this can be achieved in different ways, vulnerabilities in plugins and in WordPress itself are one possible route the attackers may take.

To illustrate this with an example, an attacker pursuing privilege escalation might first look to take over a less-secure account. On a WooCommerce website, for example, this would be a customer account. Unlike the administrator and their team, who might have solid passwords and use two-factor authentication (2FA), customer accounts typically have less stringent password policies – making them a prime target.

Note: refer to the guide on how to use WordPress user roles for more information on what user roles are in WordPress and the different privileges you can assign to different users to improve the security of your WordPress website.

From there on, the attacker will attempt to escalate privileges by compromising accounts further up the hierarchy, giving them access to more sensitive information and resources.
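The plugin vulnerabilities mentioned above very often come down to one missing line: a handler that changes something privileged without checking what the caller is allowed to do. The following is an added illustration, not code from this page or from any Melapress plugin; the action name, function names and nonce name are hypothetical, and the vulnerable handler is shown only to contrast it with the checks the hardened version adds.

```php
<?php
// Constructed example: an AJAX handler that changes a user's role.
// wp_ajax_{action} hooks fire for ANY logged-in user, Subscribers included.

// Without checks, a Subscriber can submit user_id=<their own id>&role=administrator
// and the site hands them the Administrator role. Shown for contrast only; do not hook it.
function example_set_role_vulnerable() {
    $user = get_user_by( 'id', (int) $_POST['user_id'] );
    $user->set_role( sanitize_key( $_POST['role'] ) );
    wp_send_json_success();
}

// Hardened handler: capability check, nonce, role whitelist, per-user check.
add_action( 'wp_ajax_example_set_role', 'example_set_role_hardened' );
function example_set_role_hardened() {
    // 1. Only callers who may promote users (Administrators by default) proceed.
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. Reject forged requests riding on an administrator's session (CSRF).
    //    check_ajax_referer() terminates the request on a bad or missing nonce.
    check_ajax_referer( 'example_set_role_nonce', 'nonce' );

    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $role    = isset( $_POST['role'] ) ? sanitize_key( $_POST['role'] ) : '';

    // 3. Only roles the current user is allowed to assign; get_editable_roles()
    //    honours the editable_roles filter, so site-specific restrictions apply.
    $editable = get_editable_roles();
    if ( ! $user_id || ! array_key_exists( $role, $editable ) ) {
        wp_send_json_error( 'invalid role or user', 400 );
    }
    // 4. The caller must also be permitted to edit this particular user.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $user = get_user_by( 'id', $user_id );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }
    $user->set_role( $role );
    wp_send_json_success( array( 'user_id' => $user_id, 'role' => $role ) );
}
```

The nonce is generated on the page that sends the request with wp_create_nonce( 'example_set_role_nonce' ) and posted in the nonce field; a role change such as this is also exactly the kind of event an activity log should record.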

How to protect your website from privilege escalations

There are a number of preventive steps that you can take to reduce the risk of an attack that leads to privilege escalation. These include:

Educate users – Most users do not think about online security as much as you do but this does not mean it’s not important to them. Explaining the importance of cyber hygiene can go a long way in helping you ensure users take the necessary measures to ensure their accounts are safe.

Strong password policies – A strong WordPress password policy can make it far more difficult for an attacker to gain access. While we must acknowledge that a balance between security and ease of access is important, many websites have instituted such policies while still avoiding user frustration.

Add two-factor authentication – 2FA on WordPress websites has been proven to eliminate most threats by requiring users to present an additional authentication method before logging in. As such, an attacker would not only need the user’s password but also their phone – something they’re unlikely to get a hold of.

Harden WordPress – Secure and harden your WordPress website to ensure you’re as protected as possible from different types of attacks, including those that may lead to privilege escalation. WordPress security hardening takes a 360-degree approach to WordPress security, ensuring no unnecessary risks leave you exposed.
