Recently there have been more reports than usual of people having their blogs hacked. Some Splashpress Media blogs were affected, but only in that spam code was added to their entries; no personal data was accessed. Now I see that Vandelay Website Design’s blog has also been hacked. Is this all down to blogs not being updated, or could there be other security concerns?
WordPress users, especially corporate and blog-network users, have to become more vigilant about making sure their WordPress installs are up to date, their database and files are backed up, and their file permissions are set correctly.
If anyone has any other security tips for WordPress users, please comment below. A security resource should be put together that goes above and beyond what I have already listed here.
9 Responses
Nothing To Say » Blog Archive » links for 2007-11-15
November 14th, 2007 at 7:27 pm
[...] WordPress Hacking Increasing? Better get on that. [...]
Anna Vester
November 14th, 2007 at 8:43 pm
Yep, I have noticed that about Vandelay as well. There is something weird going on. Bittbox is also having problems as of several days ago.
“The hack seems to be adding spammy links to my RSS feeds and (every once in a while) you might see a blank white screen with the phrase “Already hacked by Magic SEO Toolz.””
Here is a link to a possible fix that was posted on the Devlounge website:
http://www.devlounge.net/articles/protect-your-wordpress-wp-config-so-you-dont-get-hacked
Hope this helps.
Alex Leonard
November 15th, 2007 at 5:04 am
Regarding the correct setting of file permissions, I’ve often wondered exactly what the dangers are and what files shouldn’t ever have their permissions altered.
Various aspects of WordPress or plugins require certain folders to have their file permissions changed to be writable (666?), but I never feel certain as to how risky this is.
Any suggestions?
わーどぷれすっ! » Are WordPress hacking incidents increasing?
November 15th, 2007 at 8:21 am
[...] From WordPress Hacking Increasing?: reports of blogs being hacked have been increasing recently. Rather than personal data being accessed, spam code appears to be added to posts. [...]
Michael
November 16th, 2007 at 11:51 am
@Alex Leonard: Having file permissions set at 666 or 777 means that, in theory, the world can write to the files with those permissions.
I learned this the hard way, when hackers uploaded various scripts for the purpose of sending spam emails. My web host suspended my account after they got away with a few hundred emails or so.
Unless absolutely necessary, NEVER leave file permissions at 666 or 777. The normal permission set, depending on the type of file, should be 644 (for static files, like HTML pages and images) or 755 (for things like Perl scripts).
These tips don’t just apply to WordPress. Keep them in mind when maintaining any Web application.
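The post's advice to check file permissions and Michael's 644/755 numbers can be turned into a check you actually run. The POSIX shell script below is an added example, not code from the original post, from any commenter or from WordPress: it lists every world-writable file or directory under a WordPress tree and, with --fix, resets directories to 755 and files to 644. The WP_ROOT default, the sample tree and its permissions are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post or comments: audit a WordPress
# tree for world-writable (o+w) files and directories and optionally reset
# them to the 644 (files) / 755 (directories) values recommended above.
# Assumptions: WP_ROOT defaults to ./wordpress; the tree built by
# make_sample_tree is constructed for demonstration only.

WP_ROOT="${WP_ROOT:-./wordpress}"

# List every file or directory under $1 whose "other" write bit is set.
# -perm -002 matches whenever that bit is set, whatever the other bits are,
# so it catches 666, 777, 646, 757 and so on.
find_world_writable() {
    find "$1" -perm -002 \( -type f -o -type d \) -print 2>/dev/null | sort
}

# Number of world-writable entries under $1, printed on stdout.
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# Normalise permissions: directories 755, files 644. Anything that must be
# executable (Michael's 755 for Perl scripts) needs a separate chmod;
# PHP files served through the web server do not need the execute bit.
fix_permissions() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a small constructed tree reproducing the two mistakes discussed:
# a 777 uploads directory and a 666 wp-config.php.
make_sample_tree() {
    umask 022
    rm -rf "$1"
    mkdir -p "$1/wp-content/uploads" "$1/wp-admin"
    printf '<?php // database credentials live here\n' > "$1/wp-config.php"
    printf '<?php // some plugin\n' > "$1/wp-content/plugin.php"
    chmod 777 "$1/wp-content/uploads"   # "so uploads work"
    chmod 666 "$1/wp-config.php"        # anyone on the host can edit it
    chmod 644 "$1/wp-content/plugin.php"
    chmod 755 "$1/wp-admin"
}

# Stand-alone use:  WP_ROOT=/var/www/blog sh wp-perms.sh [--fix]
if [ -d "$WP_ROOT" ]; then
    echo "world-writable entries under $WP_ROOT: $(count_world_writable "$WP_ROOT")"
    find_world_writable "$WP_ROOT"
    if [ "${1:-}" = "--fix" ]; then
        fix_permissions "$WP_ROOT"
        echo "after reset: $(count_world_writable "$WP_ROOT")"
    fi
fi
```

On the constructed tree the audit reports exactly the 777 uploads directory and the 666 wp-config.php, and nothing after the reset. Where a plugin genuinely has to write into one directory, the usual compromise (my suggestion, not something the thread states) is to make that single directory owned and writable by the web server's own user at 755 rather than opening it to everyone with 777.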
Alex Leonard
November 20th, 2007 at 4:23 am
Thanks for that info Michael.
So does this mean that risks are there with WordPress needing, for example, the uploads folder to be set at 666?
Presumably there is no way around this.
William Teach
November 25th, 2007 at 6:32 pm
My own site and a few others I know got hacked, having the .htaccess file changed to have a 301 redirect, and some weird stuff after the body tag. The .htaccess was easy to fix, but, for the rest, I actually had to upgrade to 2.3.1 to fix the issue. Not sure if they got in through the admin panel or what.
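The .htaccess change William describes is something you can check for mechanically. The POSIX shell script below is an added example, not code from the thread or from WordPress: it walks a WordPress tree, finds every .htaccess, and flags Redirect, RedirectMatch or RewriteRule lines whose target is an absolute http(s) URL, which is how a silent 301 to another host shows up in the file. The two sample .htaccess files are constructed (the planted one uses a placeholder hostname), and treating every absolute-URL target as suspicious is a heuristic of mine that will also flag legitimate off-site redirects, so read the hits rather than deleting blindly.

```shell
#!/bin/sh
# Added example, not from the original thread: find .htaccess files under a
# WordPress root that redirect visitors to an absolute http(s) URL, the kind
# of injected 301 William Teach describes. The sample files are constructed;
# flagging every absolute-URL target is a heuristic, so review each hit.

WP_ROOT="${WP_ROOT:-./wordpress}"

# Print, with line numbers, the lines in file $1 that redirect to an absolute URL.
suspicious_redirects() {
    grep -nE '^[[:space:]]*(Redirect(Match)?|RewriteRule)[[:space:]].*https?://' "$1" || true
}

# Print the path of every .htaccess under $1 that has at least one such line.
scan_htaccess() {
    find "$1" -name .htaccess -type f | sort | while read -r f; do
        if [ -n "$(suspicious_redirects "$f")" ]; then
            echo "$f"
        fi
    done
}

# Number of flagged .htaccess files under $1.
count_suspicious_htaccess() {
    scan_htaccess "$1" | wc -l | tr -d ' '
}

# Constructed sample: the normal WordPress permalink block at the root, and a
# planted rewrite in wp-content/ that bounces search-engine referrals elsewhere.
make_sample_htaccess_tree() {
    umask 022
    rm -rf "$1"
    mkdir -p "$1/wp-content"
    cat > "$1/.htaccess" <<'EOF'
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
EOF
    cat > "$1/wp-content/.htaccess" <<'EOF'
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|yahoo|msn)\. [NC]
RewriteRule .* http://attacker.invalid/landing [R=301,L]
EOF
}

# Stand-alone use:  WP_ROOT=/var/www/blog sh htaccess-scan.sh
if [ -d "$WP_ROOT" ]; then
    scan_htaccess "$WP_ROOT" | while read -r f; do
        echo "== $f"
        suspicious_redirects "$f"
    done
fi
```

Run against the constructed tree it flags only wp-content/.htaccess and leaves the stock permalink rules alone. Because the planted rule fires only on a search-engine referrer, the site owner visiting directly never sees the redirect, which is why checking the file beats checking the site in a browser.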
free download
December 2nd, 2007 at 2:06 am
Thank you.
I set up WordPress; 2 days later, hacking :S
Episode 33: WordPress 2.3.2 released, WordPress 2.4 missed and changes to the podcast | PHP Podcasts
February 12th, 2008 at 3:37 pm
[...] security gains attention: David Airey hacked using a GMail exploit, Blogging Pro wonders how secure WordPress is, Simple Thoughts details ways to harden your WordPress blog from attack, Ryan Boren discusses ways [...]