Comments on: WordPress Has Been Hacked: Are You Protected?

By: James

James — Sun, 26 Oct 2008 17:31:55 +0000

Nothing wordpress does can help you from being hacked, it’s a sad truth but with each new release the hackers also have access to the new release and thus they still know what to do in order to hack your blog.

Only way to protect yourself is to get WP Secured (see url) as it takes you step by step on what to do to change the functionality of your blog so the hackers can NOT hack your blog.

WordPress.org will not do this for you, you must take action now and save yourself alot of trouble in the future..

James

By: chineseguy

chineseguy — Tue, 26 Aug 2008 09:01:04 +0000

suffered twice) – I believe wordpress is trying to fix the bugs and holes continuesly, but still you have to be careful, change your passwords frequently, make it hard to guess, get a good hosting company, besides try to make backups frequently.

By: bonfide

bonfide — Fri, 06 Jun 2008 21:33:03 +0000

In the process of getting back up from a hack that inserted the code.. I’m re-installing a current version of WP and then reloading a copy of my database and tweaking it on an air gapped local box. Then it will go back up and I’ll petition Google for a clean review.

God help the hacker if I ever found him/her….

By: GhostHoster

GhostHoster — Mon, 26 May 2008 13:42:24 +0000

I think hacking wordpress is very easy compared to any other things !!!
really ,
Look
most of the WordPress blogs have Admin as username and u just need to find the password.
Just try few combinations with blog auther name or blog name

simple 🙂

By: Matt Ridout

Matt Ridout — Mon, 28 Apr 2008 09:21:07 +0000

Really informative post about wordpress – I will have to keep my eyes open!

By: Utah SEO

Utah SEO — Sun, 27 Apr 2008 02:50:58 +0000

Man I hate those damn iFrame hacks.

By: Marc

Marc — Sun, 27 Apr 2008 02:39:09 +0000

one of my wordpress sites was hacked a month ago and they used it to send out spam for a few hours before i shut them out. my host thinks it was because i was still using a slightly old version of wordpress

so we also have to be on the lookout for files installed which can send out email and can bypass the servers normal email procotols and safegaurds

im still a big supporter of wordpress though

By: Partnervermittlung Ukraine

Partnervermittlung Ukraine — Sat, 26 Apr 2008 09:58:51 +0000

Very helpful – but I’d rather suggest to subscribe to the WordPress Development blog to get notifications for urgent security updates than update on a monthly schedule.

A monthly schedule might leave your blog vulnerable for as much as 30 days if you happen to miss a fix by just one day. That’s an eternity for hacker to target your site.

By: TheWis

TheWis — Fri, 25 Apr 2008 22:28:50 +0000

@Make Money Blogging
Here is a list of the emails that will get a copy of Google’s malware notification:
abuse@domain.com, admin@domain.com, administrator@domain.com, contact@domain.com, info@domain.com, postmaster@domain.com, support@domain.com, webmaster@domain.com

The message will start like this:

Dear site owner or webmaster of domain.com,

We recently discovered that some of your pages can cause users to be
infected with malicious software. We have begun showing a warning page
to users who visit these pages by clicking a search result on
Google.com.
Below is an example URL on your site which can cause users to be
infected (space inserted to prevent accidental clicking in case your
mail client auto-links URLs):

By: Dr. Mike Wendell

Dr. Mike Wendell — Fri, 25 Apr 2008 15:01:01 +0000

The pages in the upload directory is being abused via blog and forum spam. We’re getting tons of spam pointing to such pages.