Cross-site Scripting (XSS) Attacks Explained – Better WordPress Security | WP Learning Lab

What is an XSS attack?

A hacker tricks a trusted site into putting malicious code onto their visitors computers.

A website vulnerable to XSS attacks will receive a script (via a link for example) and execute that script in the browser.

Steps of an XSS Attack

1. An attacker distributes links containing malicious code directed at a vulnerable website

2. The malicious code is sent back to the visitor that innocently clicked the link

3. The victim’s browser sees the code as coming from a trusted site so it downloads it or gives access to its cookies

What is vulnerable?

Any website with improper security measures.

Most often this vulnerability is found in ordinary website search forms.

How can you protect your website?

1. Developers need to fix XSS vulnerabilities and release updates. So update plugins, themes and core files as soon as updates become available.