Support » Everything else WordPress » My host provider seems to acuse WordPress of being vulnerable to hackers attacks

  • I got this from my host provider this morning:

    Security warning for websites using WordPress

    We’ve been made aware of a security issue facing websites using WordPress. We take security very seriously at xxxxxxx, so we want to check if this matter has affected your site.

    If you use the blogging platform WordPress on your web hosting, you may have been the victim of a security hack (please ignore this email if you haven’t installed WordPress on your hosting).

    The problem is due to a security breach caused by hackers, who have targeted sites that use WordPress. WordPress is an open source application, making it vulnerable to such attacks.

    As your hosting provider, we want to help you counter this WordPress hack as quickly and as effectively as possible. To do so, please follow these simple steps as soon as you can…

    Is the

    WordPress is an open source application, making it vulnerable to such attacks

    that worries me. They don’t give any explanation but seems to blame WordPress.
    The email continues to give instructions about how to eliminate the problem and offers a script to run and some securtity measures to restore WordPress instalations.
    Finally it concludes with:

    We’d like to stress that this WordPress hack bears no relation to the security of your Webfusion web hosting itself. This remains robust and very well protected from any attacks by hackers.

    If its true then there is a vulnertability in WordPress and my hostprovider is actually doing something about it; if not…
    any comments?

Viewing 8 replies - 1 through 8 (of 8 total)
  • mrmist

    (@mrmist)

    Forum Janitor

    It seems like your hosting provider is engaging in what could be described as “pasing the buck”.

    There are currently no known issues with WordPress. What there definitely are, are issues with shared hosting environments that allow hackers to traverse from one (exploited) account to another.

    Moderator Peter Westwood

    (@westi)

    WordPress Lead Developer

    As @mrmist said:

    There are currently no known issues with WordPress

    If you host believes they have found something please ask them to contact security@wordpress.org (unless they already have :-))

    They, the host provider, seem to have a methodology to erradicate the problem, a problem that semingly only affects WP. I´ve been told many times that the problem is not WP, then, how comes only WP users seem to be affected?

    Moderator Peter Westwood

    (@westi)

    WordPress Lead Developer

    @tarambana: Once hackers have gained access they will often scan for WP sites on the server simply because it is so popular and so will likely be used. They then add extra code to all the files 🙁

    Do they add similar code to joomla or drupal settings?

    In any case I neglected to thank you all for your replies.
    All I want is to have a clear picture of what’s going on and to be fare with all, including my server and host provider. The problem is that thee way they phrased things they’ve seem to have exculpated themselfs of all blame and placed it on WordPress.

    Yes hackers do. php files in general they will target. I’ve had joomla, drupal, SMF and ZenCart all be routes of attack.

    Numerous times, my SMF install was the weakness, but WordPress was the target.

    Hi all, just to add my five cents.
    All sites without question can be liable to exploits, you only have to be on shared hosting where other users aren’t as vigilant about their site security as you are.
    The only issues I’ve had with clients using WordPress this year have all been caused by people not upgrading.
    I always think the best advice to anyone, is to keep WordPress and all your plugins up to date, and plugins no longer used delete them.
    The latest version is certainly secure.
    enjoy. Mike.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘My host provider seems to acuse WordPress of being vulnerable to hackers attacks’ is closed to new replies.