BPWrap : Wordpress Blog Hacked | BPWrap

  • Stephan Miller · 1 year ago
    Thanks for the link Barry. The main culprit in my blog and a few others was a Wordpress forum plugin that allowed the hacker in, specifically Refresh from Georgia. There is only about 2000 some results for his name in Google now. At one time there was over 200,000. It was a massive amount. I linked to the details.
  • Barry Welford · 1 year ago
    Thanks for that reference, Stephan. I think that is only one of the many ways that hackers get into WordPress blogs. Vigilance is the watchword.
  • Cindy · 1 year ago
    I agree with the latest update. You should always upgrade no matter what script you are using. However there are hacking groups able to get in no matter what latest version script you have. I run a great deal of security for my servers and still from time to time get hacked. The biggest tool you have is to always back up your data. I generally perform nightly backups just for this reason. Unfortunately it is a necessary evil. No matter what script you run hackers are waiting. The more popular the better! BACK IT UP!
  • Annie Maloney | Sevierville Re · 1 year ago
    When I first started in Real Estate I had a WordPress blog that I used quite frequently. At the time I was completely ignorant to most, if not all, SEO. Well, it got hacked. After about 6 months I joined a forum and quickly learned from some of the other members that there was all kind of hidden text and keyword stuffing in my cached snapshot of just the text on my blog. I had been hacked and was essentially advertising for all kinds of lovely stuff like "Pe_n_s Enlargement" and other misc. things. It took a little while to clean up. I am just glad that it happened to me in the very early stages of my social media campaign. Now I know what to look for and tend to be in defense mode most of the time. I guess you have to be....
  • Mark Blaszczyk · 1 year ago
    I always skim through any PHP code I come by before I place them on my webservers. For those who don't have any programming background, it is always good to keep in touch with security websites, and subscribe to the PHP authors' mailing lists/RSS feeds for newer versions.
  • Properties in Spain · 1 year ago
    Thanks for the information Barry. We just had to fight a hack-attack of a (well, we guess) competitor in the Spanish real estate market. Does anybody have experience with these kinds of problems with Drupal?
    Best regards from Spain
  • XStrafer's WebPlace · 1 year ago
    The biggest hole in web security is the user ;)
  • ineedhits Online Marketing · 1 year ago
    Matt's post gives some great tips to keep your install secure. If you follow them I think your installation should be pretty secure!
  • St Louis Missouri News · 1 year ago
    Barry - Another great post. It's nice to read posts like this once in a while to help keep us on track and protected. I do agree that the biggest security hole is the end users! lol
  • St Louis Missouri News · 1 year ago
    We all have to be on the look out.. new hackers are born every day. Great post and reminded me to do more backups! lol

    Thanks
  • Maurice (TheCaymanHost) · 1 year ago
    A timely reminder/education for many WP bloggers and those on other platforms - there are many things you can do to make things more secure including protecting your admin areas through IP restrictions and password protection of admin directories.

    Much of what I have learned about this was through other blogs and forums dealing with PHP security - the backup advice is still one of the most important though - being lazy can be very costly.
  • Seo kent · 1 year ago
    I'm always nervous of any high profile software as it is more susceptible to hacking. I have only installed Wordpress in the past month, normally I just code things up myself - but it is so time-consuming reinventing the wheel every time...
  • Navier · 1 year ago
    It's very very important to upgrade wordpress whenever they have new editions out. (And they always do!)

    I believe the most major flaw was a recent version which had a XSS cross site scripting hole.
  • SEO Visions · 1 year ago
    My blog also got hacked and an iframe injection was somehow used. What was worse was that I was labelled in computer with the lovely 'This site might harm your computer'. I had to contact stopbadware.org and fix the issue, which was a real fiasco.

    Lesson learned? Update as soon as updates arrive!
  • freshpeak · 1 year ago
    Yes, wordpress has poor security when compared to other open source scripts. There are lots of easy ways to hack a wp blog when the blog is using any third-party poorly coded plug-ins. [I have a list of plug-in names that are coded poorly].
  • copywriting agency · 1 year ago
    Thanks for reminding us about the flaws in WP - it often seems so good that people think it's infallible. It's a pain updating WP if you've got a lot of blogs, but it's less of a pain than getting hacked!

    Peter
  • free paid surveys · 1 year ago
    Nice heads up on this growing problem of blog hacking. And thanks for the links to make things more secure.

    BTW a really informative site that I have now bookmarked !! Lots of good stuff in here no doubt !!
  • vista forum · 1 year ago
    As with any big platform, Wordpress has people constantly trying to find flaws in it so that they can manipulate it. That is why it is important to always stay updated; it is well worth the tedious task. Some of those hackers are so discreet that they will place hidden links in your theme that will obviously benefit them, but also hurt you in Google and maybe even permanently damage your SERPS.
  • Web Hosting · 1 year ago
    Those are some excellent tips. As a precaution I occasionally look at the source code of my template files to make sure that there is nothing fishy going on. When using a CMS like Wordpress it is also crucial to keep updated.
  • Kris | IT Support in the UK · 1 year ago
    Maybe someone enterprising could setup a security audit service for 3rd party plugins to raise the trust levels of plugins for wordpress? At least bloggers would then have some reassurance as to the quality level of coding within the plugin?
  • Racing Schools · 1 year ago
    I think those hackers who hack blogs are mainly teenage kids with loser parents who don't supervise them. I hope they really grow up.
  • paid surveys online · 1 year ago
    I think if you're going to use many different websites that are all linked to throughout your blog or site, it's best to mix the passwords up every once and again. Just in case you sign up with a dodgy website. E.g. you have a website on paid surveys, then you sign up with one and add it to your website. Let's say that this website isn't legit and you use the same PayPal password as the service you signed up to and they take a wild guess and get in. Just a bad example, I think I'm a bit tired.
  • Justin SEO Zombie · 1 year ago
    I'm lucky enough to have never had a blog hacked. I have a web design / programmer friend who hacks people's sites for fun. I don't really get it, but he seems to have no problem with it. Ever since I've started teaching him about SEO, he hacks sites to insert links, which is really crappy in my opinion. I know a few people whose sites have been hacked to bits, and it's a lot of work to get everything back to normal.
  • Amaan Goyal · 1 year ago
    Thanks for pointing out in the right direction. I think that is only one of the many ways that hackers get into WordPress blogs. Vigilance is the watchword.
  • top paid surveys online · 1 year ago
    ...nice post, wordpress is amazing but first, the upgrades are crucial and already a strong password with numbers and capitals.
  • Xbox 360 Red Ring Of Death · 1 year ago
    The problem I find is how do you know when you are finally secure it seems with wordpress there is a new update every 60 days and it is such a pain upgrading and breaking things.
  • Barry Welford · 1 year ago
    The really important security fixes are much less frequent than that. For example there is a current upgrade that is suggested if you have a forum as part of your website. It isn't necessary for most blogs so has not received the normal publicity. Nevertheless you should always stay aware and check the Wordpress literature from time to time. Subscribing to a RSS newsfeed is an easy way to do that.
  • internet marketing · 1 year ago
    Someone above mentioned that perhaps it's the plugins which really have more of the security holes in them than the actual wordpress software.

    Since, there appears to be no testing body or accredited body which must certify or at least look at a plugin, is it not far more likely that a would be hacker would use a plugin to do something subtle but virus like, as that is an obvious potential hole?

    If there are thousands of programming hands reviewing wordpress standard code, but almost no one reviewing plugins which are in fact php code that could be malicious, why would we not all put more concentration/discussion on this area?

    I use 4-5 plugins and prior to this discussion never suspected that perhaps they could be problematic. But now, I will check google to see if anyone else is complaining about any of them.
  • Math Calculator · 1 year ago
    Thanks for the post Barry. Every time I log on to my blog I check to see if there is a new update available. Looking to see if the hackers input any codes by view in Mozilla is a nice tip and easily accessible. I've never been hacked before, but what is the worst thing that can happen or what do they usually do to it? If you don't download a bunch of crappy plug-ins I believe that will eliminate a lot of ways a hacker can get into your blog. I agree with most of the people saying that the user is usually the reason why you get hacked in the first place. Anyways, if you back up all your info you should be fine. Once again, vigilance is the watchword.
  • Matt Serwin · 1 year ago
    My wordpress blogs have not been hacked, but has anyone heard of a blogger blog being hacked? I would hope that they have security built into them.
  • Geld Lenen · 1 year ago
    The installation on your server and the rights you give to your files and directories are mostly the reason you are hacked.

    Greetings from Nederland
  • xbox 360 elite sale · 1 year ago
    Yeah, Wordpress is a great platform but the bugs aren't the only problem. It's the constant updating and patches and fixes. I'm not exactly complaining because I love WP, but if you have a bunch of Wordpress sites, then upgrading and fixing will take a good amount of your time.
  • Rent guaranteed investment pro · 1 year ago
    Matt Cutts can tell you himself how his own Wordpress blog was hacked into last year and made to look "very sick" for a day or two by unscrupulous hackers. So, it can happen to anyone.
  • Seamless Gutters · 1 year ago
    Last time I updated one of my sites to the latest version of wordpress, something went wrong. Then when I reverted back to the old version, all my categories had disappeared. It took forever to update all the posts with categories again. From now on, I am taking my chances with the hackers.
  • Barry Welford · 1 year ago
    If you're hacked you lose everything. It's a much worse problem than merely losing categories. The important lesson there is to make sure you have thought through a good backup and recovery process.
  • Discount Code Boy · 1 year ago
    I use WP for my discount code site. Currently running the latest version of WP, as suggested. As my site is on shared hosting I can't use Admin SSL but found AskApache (with MD5 hash conf'd) to be a great way of securing my login page. Hope this helps :)
  • Healthy Magz · 1 year ago
    This is one of the reasons that I'm starting to use blogger more than wordpress because I don't have to upgrade the blogger blogs every couple of months. Although I have no idea if they are any better at preventing a hack or not.
  • Morangos com Açúcar · 1 year ago
    Hey there! I love wordpress and it is normal that with such a widely used software, people are always trying to hack it! I think that the important thing is to keep all plugins and your wordpress version up to date! That way you will have much fewer security issues!
  • matt @ Ergonomic Aeron Chair · 1 year ago
    Recently I have come more and more across hacking incidents. I look forward to reading more about your posts as my online presence increases. The scary thing is when you don't know....The looking at source code is a good tip, but I am guessing that even at that, a good hacker can figure out how to stay hidden. Your bear analogy is good...also I think cat and mouse is too.

    matt
  • death note episodes · 1 year ago
    Wordpress is a great content management system. I think it is one of the best CMS's out there.
  • Ice Cream Scoops · 1 year ago
    Great point about checking out your source code. I haven't yet had a blog hacked but I feel it is inevitable. One nice feature with Wordpress is that it is easily apparent when an upgrade is released and they are relatively frequent. I assume they are staying on top of vulnerabilities. If you do have a blog and worry about being hacked at the very least make sure your wordpress is up to date (unless there is a plugin you can't live without) and keep regular backups.
  • meteorites for sale · 1 year ago
    Yea. It really depends if you are popular or not. I heard people getting their youtube, gmail and hotmail accounts hacked. Practically everything can be hacked and there is no stopping it. Like someone mentioned above. The white house even got hacked at one point and their security is top of the line. If someone wants to get in they will find a way to get in. No matter what you do. If there is a will there is a way.
  • Seguro Moto · 1 year ago
    I love wordpress, and have used it for about 3 years! I have been lucky and never had any intruders in my blog. I always keep the software up to date, sometimes it breaks something, but it's better that you know right away instead of having someone erase all your stuff!