WordPress.org

Ready to get started?Download WordPress

Forums

Does WP allow hacking? (9 posts)

  1. Roar
    Member
    Posted 9 years ago #

    Someone posted this article:
    http://www.sencer.de/article/321/wordpress-textpattern-and-security

    And I did find something, it was related to CSRF. I wrote the general idea up an entry1 and a follow-up to it2. Of course with no mention of any specific software. In a Nutshell: I could have tried to delete entries on your weblog, just by you viewing this page – no matter your browser-vendor or settings. The success would not have been guaranteed, since it would have required that you had to be logged in to your site, or using the auto-login-feature – that however is not a rare condition. IMHO this was a pretty serious issue.

    It appears to be something of the Cookie Grabber genre, but I am just wondering if this is a hypothetical issue, is it restricted to IE since that browser has so many holes in it anyway?
    What concerns me most about this is the inability to backup.
    Help?

  2. masquerade
    Member
    Posted 9 years ago #

    In short, yes WordPress is still target to these vunerabilities. Should you be worried? Not necessarily, because attacks are very unlikely to be targetted at you. If you're still worried, then backup.
    WordPress doesn't lack the ability to backup, it simple expects the user to have their own method of backing up, since backups are so easy to generate today, especially with software like phpmyadmin.

  3. charle97
    Member
    Posted 9 years ago #

    your hosting provider should have the information you need to backup your site.

  4. Anonymous
    Unregistered
    Posted 9 years ago #

    Yes, of course WP allows hacking. The developers have been very careful to ensure that anybody with even the smallest amount of knowledge can get into your site and totally destroy it whenever they feel like it. At the same time, WP has code that hackers can use to steal your passwords, credit card numbers, and all of the serial numbers for your installed software. It will also steal your driver's licence number, phone number, and the keys for your car. Then, the code will paint your neighbors house pink, after erasing their hard drive and replacing all of the bookmarks for their browser to pr0n sites. It will then call your veterinarian and make an appointment to have you spouse spayed or neutered, and make reservations to 22 consecutive showings of Celine Dione in concert in Las Vegas.
    Then, with a special plugin, WP can be hacked to cancel your garbage pickup, stop your mail, and send all of your email addresses and your entire address book to every spammer database in the world.
    Other than that, however, WP is pretty secure.

  5. Kafkaesqui

    Posted 9 years ago #

    Well, at least it doesn't seem to keep you from backing things up...

  6. Roar
    Member
    Posted 9 years ago #

    ROTFL!
    Is there a plugin for walking the dog?

  7. Anonymous
    Unregistered
    Posted 9 years ago #

    "replacing all of the bookmarks for their browser to pr0n sites"
    No need to replace anything that's already there.

  8. Anonymous
    Unregistered
    Posted 9 years ago #

    The only WordPress hack I ever perpetrated was on the opensourcecms site, where I created two categories that were each other's parent.
    I wonder if that's still possible in 1.3....

  9. Here are some backup/restore instructions for WordPress: http://www.tamba2.org.uk/wordpress/backup/

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.