A Story of Fear: WordPress Hacks

I went away from home, on a micro weekend vacation, and on arrival to where I was staying there were numerous e-mails waiting in my account. It seems as though old versions of WordPress were being hacked and many clients and friends wanted their versions of WordPress upgraded. One of them, a business owner, was very nervous about his WordPress blog, as he derives a reasonable amount of revenue from it.

The blog was running 2.8.3, one version behind the current 2.8.4. I did a quick check, and saw that 2.8.3 was secure from the issue going around, but the state of panic that spread through the blogosphere about making sure you had 2.8.4 left me having to defend my vacation.

I didn’t have the server details to do anything from where I was and the automatic upgrade wouldn’t work due to the strict folder permissions on their site.

It was interesting, though, that the mass hack brought an eye-opening warning to the attention of many people who previously gave little thought to upgrading, but it didn’t make them try to learn more about WordPress, the issue or the community. It only created panic and ridiculous hysterics.

The fact is that these security issues do little more than create panic when not properly reported to the public. Automattic was very good in their own blog, and worked on pushing out useful information, hopefully quelling some of the ridiculousness spreading through the blogosphere.

Some of my clients have become rather paranoid over the whole upgrading thing, still not heeding my warnings that a good backup system should also be in place for their files and database.

The fact is: WordPress has a low barrier for entry and attracts people that aren’t computer savvy to use it. WordPress has done as much as possible to help protect these people from themselves, through the use of the core upgrade tool, and the community-driven backup and security plugins.

Now, what needs to happen is that those running on platforms like WordPress either need to take an active interest in the community, hire someone that has an active interest, or revert back to an HTML website that is so basic that there are no scripts to hack.

That’s just my two cents. If you want to read more on this issue, I suggest checking out a great article by Jeff Chandler entitled “Are You Responsible Enough To Run WordPress?”

Categories: WordPress News


  1. Jeffro says: 9/14/2009

    So, we actually agree on something. This week’s show ought to be filled with some interesting discussions.


  2. Paul OFlaherty says: 9/14/2009

    As I said over on Weblog Tools, it’s about time that people started pointing out that all the responsibility is not on the software provider’s side. The users have a responsibility to be active and to educate themselves about the software and what is required to maintain it. If they’re not willing and/or capable of doing what is needed then they need to go back to plain old html like you said.

    Thank you for coming out and saying it David :)


  3. Paul OFlaherty says: 9/14/2009

    Damn, sorry for not closing the tags on that link in the previous comment :(


  4. 张筱雨人体艺术 says: 9/14/2009


  5. mikeyaozm says: 9/19/2009

    Damn, sorry for not closing the tags


  6. Dianso says: 9/25/2009

    I used 2.9!


  7. Anonymous says: 8/10/2011

    Blogging is one way of communicating to your friends or online visitors and letting them know your insights regarding certain topics. Information is shared when you blog about something and you impart your knowledge in a form of opinion or objective reasoning. With this, your personal information is also shared and it is here that hacking can be a problem. Unfortunately, there are those who are up to no good and would just like to gather as much information as they can to either use for fraud or to destroy your WordPress blog. These days, fraud and piracy do not only happen with your credit billings or medical records - it is now possible to gain access to your private information through hacking and we need to be aware of this so that we can think of precautionary measures to protect our blog sites.


  8. candy crush saga hack android says: 3/3/2014

    I am truly thankful to the owner of this web site who has shared this enormous post at this place.