Posted 2 years ago #
My sites have been hacked three times within the past week. They're both wordpress 2.0 (I haven't upgraded yet, but I feel I should if this problem were to be solved with the upgrade...) sites. Frankly, I'm getting very worried since one of the hackings involved my entire hosting account being taken over. Is there a serious flaw in wordpress?
Has this happened to anyone else?
There have been many flaws in Wordpress over time, but it is extremely rare for Wordpress to have a bug critical enough to enable a remote takeover.
What's most likely is that somebody got into another account on your shared server and was able to read and overwrite your files because you have incorrect permissions on those files. Set everything to 644 by default (your wp-config.php file should be 600, or 640 or 644, whichever is the lowest that allows the blog to continue to function). Some directories you may need to make 755. Occasionally (rarely) you may need to make one 775 or even 777. But those should be few and far between.
If you're running Wordpress 2.0, you should upgrade to at least 2.0.8. There are some security issues that have been solved since 2.0. I would hold off on the 2.1 upgrade for now, unless you enjoy fiddling with things. :)
Posted 2 years ago #
I just upgraded to 2.1 and that worked out fine. I had 2.0.8 before too. The first hacking I experienced I contacted my host immediately and they claimed it was my fault. :|
Of course they did. That's what they always do. But they're the ones with the log files, so if they don't tell you *how* you get hacked, then them telling you that it's your fault is less than helpful, isn't it? If you point that out and they refuse to show you relevant log files showing how you got hacked, then you need to switch hosts. That's my advice.
This topic has been closed to new replies.
