How secure is WordPress? Not very.
I recently had a website taken off Google’s search index due to mass spamming of our WordPress files. Not the regular HTML files on my system, only WordPress files. Ever since the latest upgrade.
All the files had been added as stated in the instructions etc., as I have done with every upgrade since – but this time everything went wrong.
At first we couldn’t log in, and we noticed our wp-config file was littered with viagra spam. So we deleted it and it allowed the login to work. But then 3 – 5 days after this, I received this email.
Dear site owner or webmaster of vinylabuse.com,
While we were indexing your webpages, we detected that some of your pages were using techniques that are outside our quality guidelines, which can be found here: http://www.google.com/support/webmasters/bin/answer.py?answer=35769&hl=en. This appears to be because your site has been modified by a third party. Typically, the offending party gains access to an insecure directory that has open permissions. Many times, they will upload files or modify existing ones, which then show up as spam in our index.
The following is some example hidden text we found at http://www.vinylabuse.com/?cat=16:
Buy Microsoft Office 2003 Professional (DEUTSCH) with Business Contact Manager Buy Corel Paint Shop Pro PHOTO XI Buy CGTech VERICUT 6.1.2 Buy Acronis Recovery Expert Deluxe Buy Cakewalk Sonar 8.0 Producer Edition Buy Lynda.com Reason 4 Essential Training DVD Buy eBook: Adobe Creative Suite 2 How Tos 100 Essential Techniques Buy Microsoft Student 2009 with Encarta Premiun Buy Ulead VideoStudio 9.0 Buy MusicLab Rhythm’n’Chords 2 plug-in for Steinberg Cubase VST Buy eBook: Microsoft Office Excel 2003 Bible Buy Conceiva Mezzmo 1.1 Buy eBook: Linux Timesaving Techniques for Dummies 2004 Buy FileMaker Pro Advanced v10 for Mac Buy Autodesk AutoCAD Mechanical 2005 Buy IDM UEStudio v06.40 Buy Realize Voice 3.51 Buy Portrait Professional Max 6 Buy VTC Microsoft Windows Server 2008 Buy Adobe Illustrator CS2 Buy eBook: Adobe Encore DVD 1.5 (Peachpit Press) Buy Ashampoo Cover Studio 2 Buy eBook: Adobe Photoshop Graphics Techniques For Web Design[…]
We have had the site running for 5 years nearly, and since the latest upgrade there has been nothing but trouble. WordPress – you need to step up a gear and solve these spam problems. I use other CMSs such as Expression Engine and have not received any spam on comments or even within my ‘secure’ PHP system files?! We shouldn’t need to rely on third-party plugins to stop spam like this.