One Of My WordPress Sites Was Hacked- And I Thought It Would Never Happen To Me

October 15th, 2007 by Vlad | Filed under Other (Fom Old Blog).

I thought that bloggers who did not use WordPress as their preferred publishing platform due to security risks were a little paranoid, I was wrong. In fact I was proven dead wrong the other day when one of my websites was hacked. As much as I like WordPress, I think the dislike is growing stronger with every passing day.

This is particularly troubling because in my case it was one of those “good hackers”- unfortunately unlike Ray, I am not too interested in updating my WordPress just yet. It all looks way too suspicious to me. I know that I am being paranoid, but I can’t help but suspect “the most important Matt on the web” and his companions to have something to do with it.

I am not sure if this recent hack was related to vulnerability of wp-config.php file, but according to Dane, by default, WordPress becomes very attractive to hackers. Dane also gives a solution of how moving some sensitive info out of your wp-conifg.php file can improve your WordPress security.

I recommended Dane’s blog to my readers on several occasions, he is a true master of “WordPress Troubleshooting”- and his solution for wp-config.php file is quite brilliant. Thanks Dane!

Share and Enjoy:

Tags: Affiliate Marketing

Viewing 12 Comments

45n5 10/15/2007 03:25 PM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Sorry to hear about getting hacked.

There is no paranoia, stories of wordpress installs getting hacked are a dime a dozen.

On the other hand, there are very few stories of something like typepad being hacked.

reply edit reblog flag record video comment

http://www.45n5.com

Vlad 10/15/2007 03:32 PM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Mark,

Believe it or not it happen the same day I asked you about Group Platform. How ironic!

It really sucks though. I understand why you are programing your own blogs.

reply edit reblog flag record video comment

http://www.volodymyrzablotskyy.com

Dane Morgan 10/15/2007 03:48 PM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

I feel you pain. I was hacked earlier this year, and actually they got into several of my niche blogs and converted them into phishing sites. I lost a LOT of hard work and some significant income.

WordPress suffers from the same main security flaw as Internet Explorer. The flaw is market share dominance. Sure you could spend time writing code to compromise Safari or Opera, or TypePad or dBlogger, but there aren't that many people using them in comparison. The best bang for the buck, and them most likely you are to get a lot of blogs (or browsers) and to have a lot of them still using the insecure older versions after updates are left is to target the ones with the most market share.

That is why it's so important that you stay on top of upgrades. And not just to WP itself, but to plugins you are using. plugins can be compromised and if not updated, they leave security holes into your blog.

reply edit reblog flag record video comment

http://danemorgan.com/

Vlad 10/15/2007 03:56 PM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Dane,

To be honest I just way too lazy, I generally wait until the upgrade is available via Fantastico- yeah I know.

The other part is that I ran into problems a few times that themes were not compatible with the latest updates, and the theme authors did not care either. Are you releasing any of your themes soon?

reply edit reblog flag record video comment

http://www.volodymyrzablotskyy.com

Deaf Musician 10/15/2007 04:05 PM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

That doesn't mean typepad is safe. Let me give you an example...

If you choked eating a pretzel, would anyone know / care? But... if President Bush choked eating a pretzel, the whole world would hear about it.

So the point is, the more popular you are, the more coverage you will get.

reply edit reblog flag record video comment

http://deafmusician.com

45n5 10/15/2007 04:11 PM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

you also might not be hearing about typepad folks getting hacked because people on typepad aren't getting hacked!

reply edit reblog flag record video comment

http://www.45n5.com

Vlad 10/15/2007 04:37 PM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Mark,

That may be true, however I think WordPress outperforms most of the other platforms, yes you need an arsenal of plugins to get things the way you want them to be but at the end of the day there is a reason why WordPress is so popular.

I don't know I am not convinced either way. At least I know WordPress better by now, I hate to spend any more time on all sorts of learning curves, especially one's that can be avoided. I am getting old. lol

reply edit reblog flag record video comment

http://www.volodymyrzablotskyy.com

45n5 10/15/2007 05:19 PM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

I agree wordpress has many advantages.

This post was about security that's why i was mentioning the typepad alternative.

If you are suggesting a "secure" solution for somebody I don't think wordpress should be the first thing you mention.

reply edit reblog flag record video comment

http://www.45n5.com

Vlad 10/15/2007 05:54 PM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

I hear you Mark,

But I also have to agree with "Maestro" on WordPress being the most popular one:
http://www.problogger.net/archives/2006/01/18/b...

If I were a hacker I would probably be more tempted by "bigger fish"- which doe not explain why my site was hacked.

Oh well I am going to sleep on it.

reply edit reblog flag record video comment

http://www.volodymyrzablotskyy.com

Dane Morgan 10/15/2007 08:57 PM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Well, I've kind of put theme development on a back burner. I've got five or so nearly completed themes but haven't made the time to polish them. I've been working on my niche marketing membership blog mostly of late, trying to get the value I want into it without the workload it's turning into on me.

But I could probably whip something up for you if you gave me an idea what you were looking for.

It's really a shame that a theme ever "breaks". Template tags are deprecated for several versions before they are removed, so it isn't like it was a surprise to anyone that tags they were using were going away.

"yes you need an arsenal of plugins to get things the way you want them'

You know, I used to have loads and loads of plugins, but as time goes by, I'm selecting them with more critical thought. I'm using fewer and fewer of them. I've probably eliminated over 75% of the number of plugins I was using a year ago. When you consider how many more there are now, that's something. I really ask myself if a plugin will actually add traffic, conversion or user value to my blog before I even consider trying it these days. i'm getting really minimalist about it, and honestly, it's early days for some of the changes I'm making, but it seems to be making things better at the start.

reply edit reblog flag record video comment

http://danemorgan.com/

Ray Dotson 10/17/2007 09:45 AM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Hey Vlad, thanks for linking and helping to call more attention to this whole issue. Mark and Dane make great points about the vulnerabilities of wordpress. I've been thinking about this for a while and I've decided to not use wordpress for any of my other sites. It's just too much work to keep up with updates, security, comment spam, etc. It's much easier to put together websites with a little bit of html or php, etc. Wordpress is a great piece of software, but it's often way too much for simple sites.

Also, there's no question that being a big player does draw more attention from bad guys. Who has time to keep up with being constantly attacked? That's why I prefer to use macs and linux for real security.

reply edit reblog flag record video comment

http://freshblogger.com

Vlad 10/17/2007 10:20 AM 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Ryan,

Thanks for stopping by. I envy you guys, or anyone who can write a piece of software. Fro rest of us we have to use what is available for free. But I agree with Dane that WordPress is the best you bang for the buck.

I think my problem for not updating regularly is due to the fact that I have modified this theme quiet a bit and am using number of plugins. So every time there is an update I wonder if things will be compatible. So I taking Dane route- and will try to become minimalist- less plugins.

reply edit reblog flag record video comment

http://www.volodymyrzablotskyy.com