- Thread starter
- #11
Wordpress Site Hacked !
- Thread starter somarco
- Start date
- 475
Re: Site Hacked!
One other tip about Wordpress security I forgot to mention is to keep an eye on the last edited dates of your files when you FTP into your server. If you see a bunch of things have moved to a date where you didn't do an update, you've probably been hacked.
One other tip about Wordpress security I forgot to mention is to keep an eye on the last edited dates of your files when you FTP into your server. If you see a bunch of things have moved to a date where you didn't do an update, you've probably been hacked.
- Thread starter
- #13
Re: Site Hacked!
Aaron, that would be good advice if I used FTP, but I don't. Probably like most, I manage the site from the admin section.
At least one of the files Robert noticed had a time stamp of 10/31/2011 . . . Halloween.
He said no way to know if the date stamp was bogus or not.
There was one bogus wp-x file that did not belong. Did not seemed to be tied to a normal WP plugin. The malicious code was embedded inside some "real" WP files. He was reviewing everything through shell access which allowed him to look inside the files and search for specific terms. When I mentioned poolstar he quickly found the bogey's.
Aaron, that would be good advice if I used FTP, but I don't. Probably like most, I manage the site from the admin section.
At least one of the files Robert noticed had a time stamp of 10/31/2011 . . . Halloween.
He said no way to know if the date stamp was bogus or not.
There was one bogus wp-x file that did not belong. Did not seemed to be tied to a normal WP plugin. The malicious code was embedded inside some "real" WP files. He was reviewing everything through shell access which allowed him to look inside the files and search for specific terms. When I mentioned poolstar he quickly found the bogey's.
Re: Site Hacked!
The problem? Individuals that have no clue on the effect of the spammy methods they use to promote or spread thier site across the web.
Automated link building techniques, placing anchor text on sites that are garbage. Chasing PR sites is a classic example.
Downloading 3rd party plug-ins that are not needed and vulnerable.
The list goes on and on and on................
When you employ these methods, You are opening up your site for these problems.
The problem? Individuals that have no clue on the effect of the spammy methods they use to promote or spread thier site across the web.
Automated link building techniques, placing anchor text on sites that are garbage. Chasing PR sites is a classic example.
Downloading 3rd party plug-ins that are not needed and vulnerable.
The list goes on and on and on................
When you employ these methods, You are opening up your site for these problems.
Last edited:
CaNewAgent
Expert
- 71
Sorry to hear your site got hacked. I'm glad you posted this information.
To anyone who reads this. Based on what I have read in the rest of this thread, do no use Word press to build your website. If the internal security is so poor, it can be hacked and the site owner does not know about it, you do not want to use this software.
To word press. It's time to clean up your act. There is no reason this software should be able to be hacked. Security needs to be number one not ease of use.
My recommendation is to have your son rewrite the site using software that cannot be hacked.
The wonderful world of windows based software. Security as an afterthought.
To anyone who reads this. Based on what I have read in the rest of this thread, do no use Word press to build your website. If the internal security is so poor, it can be hacked and the site owner does not know about it, you do not want to use this software.
To word press. It's time to clean up your act. There is no reason this software should be able to be hacked. Security needs to be number one not ease of use.
My recommendation is to have your son rewrite the site using software that cannot be hacked.
The wonderful world of windows based software. Security as an afterthought.
- 11,997
Not for nothing, but WordPress is opensource and freely available. There are a number of ways to prevent your sites from getting hacked and/or ways of being prepared so that you can just reload everything if it does happen.
G
Guest
Guest
Hmmm. What software is that? I've been writing code for 40 years (since I was 25) and I'd sure like to know about that software!
While some web servers run Windows and IIS, the vast majority run a Unix variant like Linux, FreeBSD, or Solaris along with Apache.
If you want to make the case that WP is insecure, there are tens of millions of people who will disagree with you. If you want to make the case that Windows and IIS have some security issues, those same millions will probably agree!
Josh is correct. Most often it is some (obscure) third-pary plugin that has a security vulnerability that gets exploited. But WP like the majority of heavily used open-source software, is remarkably stable and secure... partly because when a problem is found it is "jumped on" immediately and a revision is published which mitigates the number of potential hacks... so long as people are proactive in updating their sites... which is basically a one-click deal.
I've been putting up WP sites for four years now and have been part of the WP community even before that... and I've found the platform to be more secure than phpNuke, Dupal, Joom, and all the other popular CMSs out there.
Of course, YMMV.
Al
- Thread starter
- #19
G
Guest
Guest
What should the permissions be on WP files these days? I know what WP recommends, but often "field experience" like you have had is more accurate.
Thanks.
