WordPress.org

Ready to get started?Download WordPress

Forums

WP being constantly hacked (6 posts)

  1. Morphim
    Member
    Posted 3 years ago #

    I'm sorry but my WP site is being hacked.
    I've been through a multitude of 'fixes', most of which, to my mind, I should not have to do.
    The measures that I read about to stop this, range from reasonably simple to ridiculously complicated.
    I just want to use a simple CMS for my site. I don't want to delve into code / add, remove, modify files / folders.

    Now I know hacking has been written about in numerous posts (so don't point me to any more - I've probably read them all) but really?? Is the aim of WordPress to have every casual user jump through these hoops to achieve web site security?

    I have a closed user base where accounts can only be created by one admin account.
    Somehow, spam accounts are being created. I have no idea how and, to be honest, I don't feel I should have to, in such a renowned & established CM system.
    I know it's free. I know it's coded / supported by volunteers but, if the WP home page had a 'cons' list (you may need to do X Y Z to eliminate spam) then I could have made a more considered choice.

    I'm sure many potential users would (or have) given up long before me.

    I'm doing nothing with WP that PHPBB or Drupal seem to do trouble free.

    I'm sorry for the rant but I'm so fed up with the things I'm having to do (as well as the constant internet goose chases) to try and find solutions to problems I don't feel should be there.

    My WP install is (and always has been current, my HT access OK, my plugins are up to date. I've changed DB prefix, passwords, usernames etc etc etc etc etc.

    Last resort? Full wipe / reinstall? Nope; only the first then move to Drupal

  2. Rev. Voodoo
    Volunteer Moderator
    Posted 3 years ago #

    well, you probably have a crappy host!

    Are you on shared hosting? If so, you are only as secure as anyone else on your server. If someone else doesn't lock things down, you are screwed too!

    Hackers pick WP because a lot of people use it.... its a tasty target.

    I've had Drupal, Joomla, SMF and Zencart hacked when on a bad shared server. Hell, I've had personal handcoded sites hacked.

    WordPress is just in use more, so hackers target it through crappy server configurations.

  3. elfin
    Moderator
    Posted 3 years ago #

    I'm doing nothing with WP that PHPBB or Drupal seem to do trouble free.

    erm you're quoting phpBB as being secure? The history for that piece of software is pretty bad. As for Drupal, have to admit to not knowing it nearly so well.

    Most people blaming WordPress for being hacked are, as Rev Voodoo has said, mistaken. It is usually poor web hosting, or issues elsewhere.

  4. The current "hack" that is going around is more like a virus. It infects one compromised account on a shared hosting server and uses that account to inject code into every PHP file (not just WordPress) on the server.

    As Rev. Voodoo and Rich have explained, there's nothing that the WordPress team can do about this. It's up to your host to provide a safe and secure server to prevent this type of attack.

  5. hpguru
    Member
    Posted 3 years ago #

    Or just very old WordPress... Update is necessary. :)

  6. wpsecuritylock
    Member
    Posted 3 years ago #

    Morphim,

    Self-hosted WordPress sites, just like ANY website can get hacked into. WordPress takes security seriously, but hackers can download it just like you can and see the files. Same goes for other open-source apps.

    You say that you've taken precautions, but have you done a security audit to see where you have vulnerabilities?

    It's ultimately your responsibility to secure ANY website you offer, no matter if it's WordPress or not.

    I feel your pain and not trying to sound rude, but have you checked to see HOW your site was hacked into? Could it be your hosting company? Could it be that there's a nasty file on your server that was placed there before by a hacker? Or a virus on your own computer?

    I'd be happy to help you find these answers. Just let me know. Feel free to send me a Skype: WPSecurityLock

    Honestly, switching to Drupal or another CMS is not going to make you any more secure if you don't find the reason how you were hacked.

    WordPress by far is the best!

Topic Closed

This topic has been closed to new replies.

About this Topic