  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2008
    Posts
    33

    Can my WordPress be hacked

    Hi,
    I am setting up a blog. I want a guy (who I don't know) to upload a new template and banner for me.
    Can he hack my WordPress, as he will not be near the files? I can check the plugins.
    Please don't say for me to upload it myself, I just can't get the hang of it.
    Thanks

  2. #2
    Dan Grossman
    Join Date
    Aug 2000
    Location
    Philadelphia, PA
    Posts
    20,580
    He can gain access to the entire blog just by hiding code in the theme.

  3. #3
    SitePoint Member
    Join Date
    Sep 2008
    Posts
    13
    The simple answer is yes it can be hacked and two of mine have been hacked in the last 3 weeks.
    Changing your CHMOD permissions will help prevent a lot of it, so make sure you don't make every file writable as this will make it even easier for them.

  4. #4
    SitePoint Enthusiast
    Join Date
    Mar 2008
    Posts
    33
    Originally posted by markanthony04:
    > The simple answer is yes it can be hacked and two of mine have been hacked in the last 3 weeks.
    > Changing your CHMOD permissions will help prevent a lot of it, so make sure you don't make every file writable as this will make it even easier for them.

    Can you explain what CHMOD is? Thanks.

    Is it possible to check the theme, to make sure it's all right?

  5. #5
    Dan Grossman
    Join Date
    Aug 2000
    Location
    Philadelphia, PA
    Posts
    20,580
    Originally posted by B1gft:
    > Can you explain what CHMOD is? Thanks.
    >
    > Is it possible to check the theme, to make sure it's all right?

    If you know PHP and the WordPress theme API well, sure, you can read all the code and look for anything that doesn't belong.

    I suggest simply not giving access to your site to someone you don't trust.
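
An added example, not part of the original thread: a small Python audit covering the two checks raised in posts #3 and #5, files left world-writable by chmod and theme PHP containing constructs that rarely belong in a theme. The pattern list and the two-file sample theme are constructed for illustration; the patterns are heuristics, so a hit means "read this file", not proof of a backdoor.

```python
import os
import re
import stat
import tempfile

# Heuristic patterns (an assumption of this example, not an exhaustive list).
SUSPICIOUS = {
    "dynamic code execution": re.compile(r"\b(eval|assert|create_function)\s*\(", re.I),
    "encoded payload decoding": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "shell command execution": re.compile(r"\b(system|exec|shell_exec|passthru|popen)\s*\(", re.I),
    "remote include": re.compile(r"\b(include|require)(_once)?\s*\(?\s*['\"]https?://", re.I),
}

def audit_theme(theme_dir):
    """Return sorted (relative_path, finding) tuples for a theme directory."""
    findings = []
    for root, _dirs, files in os.walk(theme_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, theme_dir)
            # chmod check: the "other" write bit lets any account on the host modify the file.
            if os.stat(path).st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if not name.lower().endswith((".php", ".phtml", ".inc")):
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for label, pattern in SUSPICIOUS.items():
                if pattern.search(text):
                    findings.append((rel, label))
    return sorted(findings)

def demo():
    """Build a constructed two-file theme in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "index.php")
        odd = os.path.join(tmp, "footer.php")
        with open(clean, "w") as fh:
            fh.write("<?php get_header(); the_excerpt(); get_footer(); ?>\n")
        with open(odd, "w") as fh:
            # Constructed sample: decodes and runs a string, here a harmless echo.
            fh.write("<?php eval(base64_decode('ZWNobyAnaGknOw==')); ?>\n")
        os.chmod(clean, 0o644)
        os.chmod(odd, 0o666)  # writable by everyone, the setting post #3 warns about
        return audit_theme(tmp)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

Point `audit_theme()` at an unpacked copy of the delivered theme before it is uploaded; a clean result does not replace reading the code, since these patterns are easy to avoid.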

  6. #6
    Word Painter Shyflower
    Join Date
    Oct 2003
    Location
    Winona, MN USA
    Posts
    10,053
    You don't need to upload a new template to create a new WP theme. The theme, or design, is all in your css style sheet. The changes you need for a new theme are:

    • code your design into your style sheet.
    • reference your style sheet in your header template.


    Your helper doesn't need access to your WP site to do either. You can find your style sheet by going to your theme editor that shows in Appearance in your WP admin panel.

    Copy and paste it into a text editor such as Notepad.

    Give your copy to your helper and let him code your template into the style sheet. When he's done, go back into your theme editor, delete the old style sheet (keep a copy of it though, just in case) and paste the new one in. Save your changes.

    If you keep the name "style.css" in your theme, you don't even need to make a change in your header template.
    Linda Jenkinson
    "Say what you mean. Mean what you say. But don't say it mean." ~Unknown

  7. #7
    Dan Grossman
    Join Date
    Aug 2000
    Location
    Philadelphia, PA
    Posts
    20,580
    Editing just the stylesheet lets you change a lot, but it's not equivalent to being able to edit the theme. You can't add a second sidebar, or widgetize a new region of the page. You can't switch from excerpts to full posts in post lists if the current theme is calling the_excerpt(). You can't make one category's page look different from another category's. You have to edit or create new theme files to make functionality changes.

  8. #8
    SitePoint Zealot FrisArvz
    Join Date
    Jan 2009
    Posts
    147
    Try this search term in Google:

    "powered by wordpress" + "blog"

  9. #9
    SitePoint Zealot FrisArvz
    Join Date
    Jan 2009
    Posts
    147
    The best thing to do is to ask for help (with your uploading problem) from someone you can trust.

  10. #10
    Non-Member
    Join Date
    Apr 2008
    Location
    London
    Posts
    188
    It can be hacked.
    The reasons can be different:
    - not legal content;
    - duplicate content;
    - somebody will report on you;

  11. #11
    SitePoint Zealot timonweller
    Join Date
    Jan 2009
    Posts
    121
    This has happened to me also twice recently. Make sure it is the latest version and install the security plugin. It helps heaps.

  12. #12
    Word Painter Shyflower
    Join Date
    Oct 2003
    Location
    Winona, MN USA
    Posts
    10,053
    Originally posted by Dan Grossman:
    > Editing just the stylesheet lets you change a lot, but it's not equivalent to being able to edit the theme. You can't add a second sidebar, or widgetize a new region of the page. You can't switch from excerpts to full posts in post lists if the current theme is calling the_excerpt(). You can't make one category's page look different from another category's. You have to edit or create new theme files to make functionality changes.

    I guess I didn't consider that because I am used to using template tags to make modifications. However, the OP can still copy any theme file using the theme editor and give it to his helper to modify. The worry there would be the helper could put in some type of JavaScript or PHP that would breach security.

    Additionally, if he needs to make changes outside of the CSS, the only way to check the theme to see if it works is to copy the new theme into a WP theme editor. Of course, if his helper already uses WordPress, he could try it on his own installation.
    Linda Jenkinson
    "Say what you mean. Mean what you say. But don't say it mean." ~Unknown

  13. #13
    SitePoint Enthusiast ishan001
    Join Date
    Jan 2009
    Location
    India
    Posts
    42
    Yes, your blog can get hacked. Best way to avoid this is by hiring someone trusted and well-known. You will have to pay more but trust and security are there!
    WordPress Blog Experts - Quality WordPress Setup Services.

  14. #14
    SitePoint Enthusiast
    Join Date
    Jun 2005
    Posts
    41
    What you should do is get into your control panel of your web site and make your own FTP account for this person that will only allow him access to the themes directory on your site. This will lock him down. Greg Ellison

  15. #15
    Dan Grossman
    Join Date
    Aug 2000
    Location
    Philadelphia, PA
    Posts
    20,580
    Originally posted by gregee:
    > What you should do is get into your control panel of your web site and make your own FTP account for this person that will only allow him access to the themes directory on your site. This will lock him down. Greg Ellison

    Still comes down to trusting anyone you give access to your site to. He can upload a file manager script there and then have full access to all the files of the site through the browser.

  16. #16
    SitePoint Enthusiast redalfa
    Join Date
    Jun 2008
    Posts
    57
    Have the authority, of course, the hack may have been, unless it is trust. If you want to guarantee the safety of their own blog, or do it yourself. If it can not do, how do you to build blog?
    Love computers, to play Warcraft longing for happy healthy life

  17. #17
    SitePoint Enthusiast
    Join Date
    May 2009
    Posts
    88
    If you don't trust them find someone you do trust.

    And learning the basics of cPanel and FTP is going to really help you in the long run. Unless you have the resources to hire an assistant to do those things for you... I think you are fighting an uphill battle you can't win.

    Use Youtube to find a video that shows you how to upload a template. Once you learn how you will realize just how simple it is and then you'll be over your fear of learning.

  18. #18
    Non-Member
    Join Date
    Mar 2009
    Posts
    76
    Yes he can access

  19. #19
    Non-Member thewebhostingdir
    Join Date
    Oct 2005
    Posts
    703
    Yes, it can be hacked. He can add any code to your theme without your knowledge, and it is very difficult to find out.

    I would suggest you look at codex.wordpress.org, which provides you all the steps to manage your WordPress. Also, you can consult a genuine organization, any website, which provides paid WordPress support and customization. At least, you can find out reviews about them.

  20. #20
    SitePoint Zealot riderbabygurl
    Join Date
    Feb 2009
    Posts
    137
    Yes! Simply because he can access, so the best solution is try to do it by yourself by means of your determination to learn it. Then if you can't do that thing maybe you can trust someone whom you really trust I mean a good friend.

  21. #21
    SitePoint Zealot infinique
    Join Date
    May 2009
    Posts
    167
    Yes, it's possible to be hacked. One of my friend's site was hacked by a Russian Programmer that stuffed links onto the footer.

  22. #22
    SitePoint Zealot
    Join Date
    Dec 2008
    Location
    America
    Posts
    114
    Yes it can be hacked, but you can get plugins to help prevent your blog from being hacked.

    Just check the WordPress plugin directory. But more important is just to make certain you have someone trustworthy working on your blog.

  23. #23
    SitePoint Wizard rguy84
    Join Date
    Sep 2005
    Location
    Durham, NC
    Posts
    1,659
    It can be hacked. To upload a theme you need FTP access to the site, unless he is writing over some other theme (like k2). He then can embed scripts there to do whatever.
    Ryan B | My Blog | Twitter

  24. #24
    SitePoint Member
    Join Date
    Jul 2008
    Posts
    20

    Angry

    Hi

    Yes it can be hacked because he has access.


  25. #25
    SitePoint Wizard ryanhellyer
    Join Date
    Oct 2006
    Location
    New Zealand
    Posts
    2,323
    I'm not even sure it would be called 'hacking'.

    It's like giving someone the keys to your house, going on holiday for a day and hoping all your stuff is there when you get back. So you definitely need to trust the person you are giving access. No 'hacking' would be necessary since you are giving them direct access.

