WordPress getting hacked left right and center (11 posts)

  1. fishingthailand
    Member
    Posted 5 years ago #

    I have to say having used WordPress for 4 or 5 months only to find my site got hacked to bits and I have lost a lot of work, I am very disappointed with WordPress, and will cease using it immediately. Upon looking for alternatives I was shocked to find some that do almost as much as WordPress but with a fraction of the script, and it's all that script (megs of it!) that makes WordPress so very vulnerable to hackers and worse still hard to repair once they get in, because they inject poison script all over the place.

    I laughed when I read WordPress' article "hardening wordpress" since it's basically admitting the software has a plethora of security issues, if only I had read it before I entrusted the software as a platform from which to do my web based work.

  2. figaro
    Member
    Posted 5 years ago #

    I laughed when I read WordPress' article "hardening wordpress" since it's basically admitting the software has a plethora of security issues

    Wrong. It's only showing that there are things you can do to harden WordPress. I assume one of those things was to change the default admin username from "admin" to something else. Hardly a security hole, unless you also set your password to your first name ;-) One of the other "hardening" suggestions may have been to change the db table prefixes to something other than wp_, again, hardly a security issue unless you have other server issues that allow a person in. I'm sure WordPress is no less secure than the other apps you found...and I'm also sure it's far more secure than a lot of other "less developed" apps.

    However, if you are not happy with it, then you should move on to something else. I've done that with other software when I found something I liked better. When I find a blogging platform that's better than WP then I'll probably move as well...not holding my breath on finding that any time soon though ;-) Best of luck.

  3. Samuel B
    moderator
    Posted 5 years ago #

    What's really funny is folks think any php/mysql app is all that secure with shared servers and not educated users...and 90% of the time it isn't the app anyway.
    Google any app on security breaches that you decide to switch to.

  4. fishingthailand
    Member
    Posted 5 years ago #

    Samboll,

    Couldn't agree with you more. I knew some of the risks of using writeable php files, the trouble is WordPress uses so many that the risks seem to rise accordingly. Yes, of course it doesn't help that WordPress is being adopted by relatively novice webmasters, of which I consider myself to be one. Funny though, when you enquire to so-called professionals about help fixing the damage by a hack, seems I'm not as novice as I thought! Most haven't a clue, either about making WordPress more secure, or fixing it after the fact. Having spent two days reading up on the subject, it became clear to me that I wasn't alone in these problems. It seems WordPress needs to find a polite way to either dissuade those unqualified in php from using it, or at least have a better support system in place for helping fix the problems that come about as a result of those who don't have a degree in writing script from using the software. Having read the forums it seems very few people have a clue how to remedy many of these hacks.

  5. alteredstate
    Member
    Posted 5 years ago #

    Um ... okay a newbie question.

    Figaro suggests changing the username which makes total sense - except on the 'general settings' page it says the user name cannot be changed. I've changed my password - am I now stuck with 'admin' or do I go somewhere else?

    Thanks!

  6. figaro
    Member
    Posted 5 years ago #

    You can use the same process I show in the video below to change the password in phpMyAdmin. The only exception is don't do the MD5 part.

    http://educhalk.org/blog/?p=23

  7. alteredstate
    Member
    Posted 5 years ago #

    Great thanks figaro :-)

  8. whooami
    Member
    Posted 5 years ago #

    It seems WordPress needs to find a polite way to either dissuade those unqualified in php from using it, or at least have a better support system in place for helping fix the problems that come about as a result of those who don't have a degree in writing script from using the software. Having read the forums it seems very few people have a clue how to remedy many of these hacks.

    in a perfect world, perhaps.

    --

    I had 5-6 paragraphs written out below that I deleted before posting. There are just so many ways that what you said above is wrong, I might have never stopped typing.

  9. StrangeAttractor
    Member
    Posted 5 years ago #

    A personal observation from using WordPress since 2.0 and frequenting these forums... the last couple versions of WordPress (2.6.5, 2.7.x) seem to have robustly addressed many, many of the earlier security vulnerabilities in WordPress, and you can see that simply by the fact that there are far fewer complaints about hacks in the forums these days... and even many of those have often been due to upgrading an already compromised database... my two cents, but this is one of the things I have been *most* pleased with in recent versions...

  10. buddha trance
    Member
    Posted 5 years ago #

    My personal experience is that the advantages of using WordPress outweigh the steps one has to take to make it even more secure. By simple google searching and reading on this forum and the codex, the answers are available, and fairly simple, for the average webmaster.

    Expecting WP to be a fortress right out of the box is unrealistic. Same goes for forums such as phpBB, ecard software, etc. When you are live on the net, it's part of the game having to guard yourself from hacking attempts.

  11. Chris_K
    Member
    Posted 5 years ago #

    Not that it matters much at this point, but it would be interesting to know what version of WP the OP was running. A common pitfall is not keeping up with the updates, many of which exist for security.

Topic Closed

This topic has been closed to new replies.
