WordPress.org

Ready to get started?Download WordPress

Forums

My host provider seems to acuse WordPress of being vulnerable to hackers attacks (9 posts)

  1. tarambana
    Member
    Posted 3 years ago #

    I got this from my host provider this morning:

    Security warning for websites using WordPress

    We’ve been made aware of a security issue facing websites using WordPress. We take security very seriously at xxxxxxx, so we want to check if this matter has affected your site.

    If you use the blogging platform WordPress on your web hosting, you may have been the victim of a security hack (please ignore this email if you haven't installed WordPress on your hosting).

    The problem is due to a security breach caused by hackers, who have targeted sites that use WordPress. WordPress is an open source application, making it vulnerable to such attacks.

    As your hosting provider, we want to help you counter this WordPress hack as quickly and as effectively as possible. To do so, please follow these simple steps as soon as you can...

    Is the

    WordPress is an open source application, making it vulnerable to such attacks
    that worries me. They don't give any explanation but seems to blame WordPress.
    The email continues to give instructions about how to eliminate the problem and offers a script to run and some securtity measures to restore WordPress instalations.
    Finally it concludes with:

    We'd like to stress that this WordPress hack bears no relation to the security of your Webfusion web hosting itself. This remains robust and very well protected from any attacks by hackers.

    If its true then there is a vulnertability in WordPress and my hostprovider is actually doing something about it; if not...
    any comments?

  2. mrmist
    Forum Janitor
    Posted 3 years ago #

    It seems like your hosting provider is engaging in what could be described as "pasing the buck".

    There are currently no known issues with WordPress. What there definitely are, are issues with shared hosting environments that allow hackers to traverse from one (exploited) account to another.

  3. As @mrmist said:

    There are currently no known issues with WordPress

    If you host believes they have found something please ask them to contact security@wordpress.org (unless they already have :-))

  4. tarambana
    Member
    Posted 3 years ago #

    They, the host provider, seem to have a methodology to erradicate the problem, a problem that semingly only affects WP. I´ve been told many times that the problem is not WP, then, how comes only WP users seem to be affected?

  5. @tarambana: Once hackers have gained access they will often scan for WP sites on the server simply because it is so popular and so will likely be used. They then add extra code to all the files :-(

  6. tarambana
    Member
    Posted 3 years ago #

    Do they add similar code to joomla or drupal settings?

  7. tarambana
    Member
    Posted 3 years ago #

    In any case I neglected to thank you all for your replies.
    All I want is to have a clear picture of what's going on and to be fare with all, including my server and host provider. The problem is that thee way they phrased things they've seem to have exculpated themselfs of all blame and placed it on WordPress.

  8. Rev. Voodoo
    Volunteer Moderator
    Posted 3 years ago #

    Yes hackers do. php files in general they will target. I've had joomla, drupal, SMF and ZenCart all be routes of attack.

    Numerous times, my SMF install was the weakness, but WordPress was the target.

  9. mikey1
    Member
    Posted 3 years ago #

    Hi all, just to add my five cents.
    All sites without question can be liable to exploits, you only have to be on shared hosting where other users aren't as vigilant about their site security as you are.
    The only issues I've had with clients using WordPress this year have all been caused by people not upgrading.
    I always think the best advice to anyone, is to keep WordPress and all your plugins up to date, and plugins no longer used delete them.
    The latest version is certainly secure.
    enjoy. Mike.

Topic Closed

This topic has been closed to new replies.

About this Topic