  1. #1
    SitePoint Evangelist happybrian's Avatar
    Join Date
    May 2008
    Posts
    589

    Is wordpress susceptible to hacks?

    Hi! I had a couple of blogs in the past, they did well for years and built a readership and were ranking on some very low traffic terms.
    Then they got hacked. Google pulled them from the index and my readership vanished. I am thinking about going with wordpress.

    Before I go any further, can anyone tell me if wordpress are hack resistant?
    Last edited by r937; Mar 13, 2009 at 05:30.

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,789
    The latest version of WordPress itself is reasonably hack resistant. Whenever a new exploit is found a new version release to plug it usually follows fairly quickly.

    The reason why some people have problems is that they either don't keep up to date with the latest version and are running an old version with known holes OR they are not careful about what plugins they run and have installed a plugin that has an unplugged hole.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    SitePoint Addict kiduka's Avatar
    Join Date
    Mar 2008
    Location
    UK
    Posts
    265
    I think wordpress are ahead of their game. I think they're better prepared for a hack than Blogger.

  4. #4
    SitePoint Zealot MajorTom's Avatar
    Join Date
    Aug 2007
    Location
    Planet earth
    Posts
    109
    Quote Originally Posted by felgall View Post
    The reason why some people have problems is that they either don't keep up to date with the latest version and are running an old version with known holes OR they are not careful about what plugins they run and have installed a plugin that has an unplugged hole.
    I usually wait a few months to see if a new release is stable before upgrading. Remember, there have been significant issues with the latest version being buggy as well... However, you are spot on about plugins being the weakest link sometimes.

    A few things you can do to prevent hacking are to turn off user registration, turn off uploads, use minimal plugins and remove the WP version in your source code.

  5. #5
    SitePoint Evangelist happybrian's Avatar
    Join Date
    May 2008
    Posts
    589
    So to confirm then:
    WP is good as long as you:

    remove the WP version from the source code
    upgrade regularly - but not instantly as sometimes the upgrades themselves are unstable
    be careful about what WP plug ins are installed, as they can leave holes.

    If I have missed anything out - let me know, or any additional comments are always welcome! Thanks everyone, that is all good to know.
    H.B.
    Last edited by r937; Mar 13, 2009 at 05:28.

  6. #6
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,789
    Quote Originally Posted by MajorTom View Post
    I usually wait a few months to see if a new release is stable before upgrading.
    Most of the recent versions have been urgent security patches so if you wait a few months you are leaving known security holes for people to exploit while waiting to see if the security patch introduced further bugs.

  7. #7
    SitePoint Addict CWebguy's Avatar
    Join Date
    Mar 2009
    Posts
    247
    As long as you keep it up to date.

  8. #8
    SitePoint Member
    Join Date
    Mar 2009
    Posts
    12
    A hack can be possible if you installed a faulty plugin for your blog.

  9. #9
    SitePoint Addict CWebguy's Avatar
    Join Date
    Mar 2009
    Posts
    247
    In that case, also keep your plugins up to date.

  10. #10
    SitePoint Zealot superjacent's Avatar
    Join Date
    Jun 2007
    Location
    Melbourne, Australia.
    Posts
    121
    Wordpress or any other software program is not hacker safe. Someone, somewhere will find an exploit and hence that's usually the reason for upgrades.

  11. #11
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,789
    Quote Originally Posted by CWebguy View Post
    In that case, also keep your plugins up to date.
    You also need to be careful where you get the plugins from - some of them are written by people who don't understand security all that well.

  12. #12
    SitePoint Addict
    Join Date
    Jun 2004
    Location
    somewhere
    Posts
    218
    I think it's crazy that there are still people who are on WP 2.0 or lower.
    TYCP Magazine
    Picspaces - image hosting with unlimited bandwidth
    Hollywood Encountered - submit your celebrity encounters

  13. #13
    SitePoint Zealot
    Join Date
    Oct 2008
    Posts
    113
    Is there a way to check your plugins for any security holes? If I get them off the wordpress site, I've always assumed they were OK.

  14. #14
    SitePoint Member
    Join Date
    Feb 2009
    Posts
    23
    Installing only the most used plugins must be a fine solution.

  15. #15
    SitePoint Member
    Join Date
    Mar 2009
    Posts
    1
    WP is leading all blog stuff so I think it's a little more secure than others.

  16. #16
    Mazel tov! bronze trophy kohoutek's Avatar
    Join Date
    Aug 2004
    Location
    Hamburg, Germany
    Posts
    4,248
    Quote Originally Posted by tamerkin View Post
    WP is leading all blog stuff so I think it's a little more secure than others.

    Which may be precisely the reason why hackers prefer injecting popular systems such as Wordpress. Has a higher satisfaction guarantee.
    Maleika E. A. | Rockatee | Twitter | Dribbble



  17. #17
    SitePoint Zealot superjacent's Avatar
    Join Date
    Jun 2007
    Location
    Melbourne, Australia.
    Posts
    121
    Quote Originally Posted by kohoutek View Post
    Which may be precisely the reason why hackers prefer injecting popular systems such as Wordpress. Has a higher satisfaction guarantee.
    Exactly. Spot on.

  18. #18
    SitePoint Enthusiast
    Join Date
    Dec 2008
    Posts
    53
    It depends on whether you use the old version. Always update it. I have experienced it, and I update it and my wordpress blog is safe now.

  19. #19
    SitePoint Addict CWebguy's Avatar
    Join Date
    Mar 2009
    Posts
    247
    Wordpress has a very large fan base/code crew, so it stays pretty/very up to date, as long as you update it.

  20. #20
    SitePoint Evangelist zeruel's Avatar
    Join Date
    Feb 2008
    Location
    SouthEast
    Posts
    455
    Quote Originally Posted by kenbrower View Post
    Is there a way to check your plugins for any security holes? If I get them off the wordpress site, I've always assumed they were OK.
    I am also wondering about that. I guess wordpress has been working hard to prevent these hackers from getting in the game.

  21. #21
    SitePoint Zealot superjacent's Avatar
    Join Date
    Jun 2007
    Location
    Melbourne, Australia.
    Posts
    121
    If hacking is such a concern then an option that you could consider is using a lesser known blogging system or roll your own. More Microsoft/Windows products are hacked than Linux simply because Windows is the number one operating system by far.

  22. #22
    SitePoint Enthusiast
    Join Date
    Oct 2008
    Posts
    42
    Great information about wordpress here. I really never thought that it needs to be updated to escape away from those aggressive hackers lurking around waiting for vulnerable prey. Thanks for the shared thoughts.

  23. #23
    SitePoint Addict CWebguy's Avatar
    Join Date
    Mar 2009
    Posts
    247
    Quote Originally Posted by superjacent View Post
    If hacking is such a concern then an option that you could consider is using a lesser known blogging system or roll your own. More Microsoft/Windows products are hacked than Linux simply because Windows is the number one operating system by far.
    Although this might appear to be true, more popular software like Windows, WordPress, etc. are usually more stable due to a greater number of updates, holes found, etc. IE is actually safer than Firefox, just targeted more, so it's a trade-off. As long as people are working on it, you should be fine. "Should" being the key word, nothing is bulletproof. Keep your stuff updated.

  24. #24
    SitePoint Member
    Join Date
    Dec 2008
    Posts
    11
    I also suggest additionally

    to do regular backups of your document root and database,
    like having some cronjob which will copy then tar.gz your files
    and database dump.

  25. #25
    SitePoint Zealot superjacent's Avatar
    Join Date
    Jun 2007
    Location
    Melbourne, Australia.
    Posts
    121
    Quote Originally Posted by skinstc View Post
    I also suggest additionally

    to do regular backups of your document root and database,
    like having some cronjob which will copy then tar.gz your files
    and database dump.
    Good advice though I've been doing that manually, really should automate it.
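
The cron-driven backup discussed in the last two posts, as an added example that is not part of the original thread. The paths, the database name `wordpress`, the script name `wp-backup.sh`, the retention count of 7 and the use of `~/.my.cnf` for credentials are all assumptions.

```shell
#!/bin/sh
# Added example: archive a WordPress document root plus a database dump.
# Paths, the database name and the retention count are assumptions.

# backup_site DOCROOT DEST [DBNAME] [KEEP]  -> prints the archive path.
# The body is a subshell, so umask, set -eu and the trap stay local to it.
backup_site() (
    set -eu
    docroot=$1 dest=$2 dbname=${3:-} keep=${4:-7}
    umask 077                       # archive contains wp-config.php secrets
    mkdir -p "$dest"                # keep DEST outside the web root
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    archive="$dest/site-$(date +%Y%m%d-%H%M%S).tar.gz"

    # Files first; the dump is appended to the same archive when requested.
    set -- -C "$(dirname "$docroot")" "$(basename "$docroot")"
    if [ -n "$dbname" ]; then
        # mysqldump reads credentials from ~/.my.cnf, so no password is
        # placed in the crontab or on the command line.
        mysqldump --single-transaction "$dbname" > "$work/$dbname.sql"
        set -- "$@" -C "$work" "$dbname.sql"
    fi
    tar -czf "$archive" "$@"
    tar -tzf "$archive" > /dev/null # fail now if the archive is unreadable

    # Retention: delete everything older than the newest $keep archives.
    # Names are generated above, so parsing ls output is safe here.
    ls -1t "$dest"/site-*.tar.gz | tail -n +"$((keep + 1))" |
        while IFS= read -r old; do rm -f -- "$old"; done
    printf '%s\n' "$archive"
)

# Assumed crontab line, daily at 03:15:
# 15 3 * * * /usr/local/bin/wp-backup.sh /var/www/blog /var/backups/blog wordpress
if [ "$#" -ge 2 ]; then
    backup_site "$@"
fi
```

Copy the archives to a second machine as well: a backup that lives only on the compromised server can be altered or deleted along with the site.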

