Support » Requests and Feedback » All these ‘Help my site is hacked’ posts

  • Hello fellas!

    What is it with wordpress? Approximately every 10th post discusses injections of some sort (iframes mostly). ‘Hacked’ is probably the most used word in the threads these days (in the How-To and Troubleshooting forum).
    I’m dealing with a project now, still considering wordpress as a cms. But these ‘Hacked sites’ makes me a little unsure.
    Myself, like most people do not have time to recover several times a week.

    I wonder if there is an explanation of why it is like this(?)

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    At present, there’s no known hacks for WordPress. However, 95% of time, WordPress is being run on shared servers with poor security. If one site on a shared server gets hacked, they all do. So we get these reports frequently not because of a flaw in WordPress, but because of its popularity and ease of setup.

    So I wouldn’t worry about it too much. If a security flaw is found, then there will likely be an immediate point release to patch the problem.

    I wonder if there is an explanation of why it is like this(?)

    There is.

    Myself, like most people do not have time to recover several times a week.

    Most people don’t have a need to.

    I think you may find frequent discussions of a similar nature in any Blog/CMS support forums. SQL, PHP, and server/web-site administration and security issues are not exclusive to WordPress. Nor is the introduction of malware onto the client machines that interact with those web servers, or the introduction of threats through third party plugins or modules. It seems lately that the frequency of conversation about ftp password harvesting on infected machines has been on the rise. Frankly, I get the overall feeling that most of the issues you read about here in the “hacked” discussions, were probably reasonably easily avoidable.

    I don’t think you can categorize it as one of those “what is it with WordPress” things. A large target audience just presents a larger target for people who feel they need to do that sort of thing.

    Thread Starter janviman

    (@janviman)

    So you can rely on wordpress in daily usage on an equal basis with others for example TextPattern, joomla?

    I know there are several who puts security as an important argument for the choice of blog software. Safety is the most important thing for most people. (On the edge software is’nt always the best.) I’m working a lot with Linux, and all of my servers are running Debian. Debian is one of the most stable serversoftware, but not exactly ‘on the edge’:)

    Thank you all for great answers 🙂

    Just to add my few cents. A few months ago, I had about 15 sites hacked into. The hacks were fairly innocent. The hacker simply added tons of links to porn sites at the bottom of the main index.php page.

    At first I thought that WordPress was the reason, but then realised that some static sites got hacked to. This confirmed that the server was the one with poor security.

    I host my sites on Dreamhost and at the time was using the same FTP u and p for about 20 sties. All of these were hacked. I changed my main Dreamhost webpanel and FTP usernames and passwords and now have different ones for each site. That seems to have done the trick.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘All these ‘Help my site is hacked’ posts’ is closed to new replies.