WordPress.org

Ready to get started?Download WordPress

Forums

Should we still trust using WP? (5 posts)

  1. tronicscribe
    Member
    Posted 4 years ago #

    After having all 4 of my websites hacked because of WP 2.8.1 (at least that is what my host told me) I'm unsure if I should keep using it. I use WP as a CMS for most of my clients, and I can't risk having their sites hacked because they haven't upgraded to the latest version of WP yet.

    Was this just a one time slip up with WP? Or should we fear that future versions might lack security and can be hacked again? I just need some reassurance that I can continue using WP for myself and my clients without having to keep constant watch on the upgrade versions. I thought I was on top of upgrading, but just one day too late cost me my sites.

    What do you all think?

  2. There are no known issues with WP 2.8.1 that would have made the sites at risk of a hack like that.

    The issue fixed in 2.8.2 was to do with a possible XSS which could direct you away from admin pages to another url.

    If you have details about a possible security issue from your host the please send them in to the WordPress security contact address.

  3. tronicscribe
    Member
    Posted 4 years ago #

    Hmmm, thank you. I am asking my host more about it. They told me it was hacked because I had an older version installed. However that version was 2.8.1 or possible 2.8

    I searched the forums and found a few other people who have had their sites hacked and were using 2.8.1, but you say there is no relation to that hacks and that version?

  4. hacked and were using 2.8.1, but you say there is no relation to that hacks and that version?

    I give this thread 2 seconds to go from 0-60. "60" being a pile on...

    Take a look at http://wordpress.org/search/hacked?forums=1

    Most if not all of those are due to 1) a host compromise or 2) running WordPress on a shared host in an un-secure way like having files set to 777, or my personal favorite 3) ran an old version, got hacked and did not realize it, upgraded to the current version and discovered the blog was still hacked.

    There have been at least one version of WordPress that was labeled "UPGRADE NOW OR DIE!!" (I exaggerate) but that has not happened in a while.

    I don't know why your 4 sites got hacked but don't be in a rush to jump on WordPress (Westi would know more better than many here). Ask you host for more information, specifically what was the entry point where your sites got compromised.

  5. tronicscribe
    Member
    Posted 4 years ago #

    Thanks you for your input. The only reason I'm a bit frantic is because my host seems to be a little mentally challenged. I have been in email communication with them for about 10 emails now and they just won't give me a straight answer or any useful information. I will email them with plenty of questions, and each time they email me back saying, "it was an old version of wordpress, will you take the steps to upgrade?"

    I've called them and gotten the same response. Yes I am on shared hosting, no my file permissions are not set to 777, I think 744 or something close to that. So now I'm starting to believe it was a slip up on my hosts end, not so much the version of WP I was using. I hate customer support. Thanks for all your guys help. I'm still trying to get my accounts back :(

Topic Closed

This topic has been closed to new replies.

About this Topic