Title: Security warning from eUKHost
Last modified: August 19, 2016

---

# Security warning from eUKHost

 *  [AndrewRH](https://wordpress.org/support/users/andrewrh/)
 * (@andrewrh)
 * [15 years, 3 months ago](https://wordpress.org/support/topic/security-warning-from-eukhost/)
 * Just received this security bulletin email from eUKHost (provider of my various
   sites’ storage). Is WordPress really this dangerous in 3.0.4?
 * ~Andrew~
 * From: eUKhost LTD [mailto:support@eukhost.com]
    Sent: 04 January 2011 22:22
    To: Andrew Reeves-Hall
    Subject: Security update : WordPress, PHP vulnerabilities.
 * Dear Andrew Reeves-Hall (Whitchurch Association),
 * While monitoring and auditing the shared server security, our system has detected
   that WordPress sites are getting compromised due to the vulnerabilities in the
   themes, plugins and old version applications which are also known for security
   holes. Most of the attacks are performed using Cross-Site Scripting, malicious
   files upload and remote code execution techniques.
 * We are trying our best to protect all the servers, concern web sites and taking
   prompt action against those attacker host/IP to disinfect other servers. We recommend
   you to review your WordPress applications, do upgrade versions to latest stable
   release and avoid vulnerable plugins/modules installation like:
 * * WordPress Automatic Upgrade: which allows any non authenticated user to generate
   and to unload the archives of WordPress (including wp-config.php with your data
   of data base), to activate and to deactivate all plugins, to update the version
   of WordPress without your authorization
    * OneClick: It is vulnerable to CSRF (Cross-site request forgery); it allows you
   to unload plugins – or malicious code – from any URL.
    * Who Sees Ads: It is vulnerable to CSRF and XSS (Cross-site scripting).
    * MyDashboard: It is vulnerable to CSRF and XSS.
 * Also do not enable vulnerable PHP functions [ ie. disabled_functions] using custom
   php.ini files, do not disable mod_security protection in the .htaccess files
   and make sure that there is no file/folder which has set maximum permissions.
   You should choose strong passwords for your Cpanel, FTP account which contains
   a combination of upper and lower case letters, numbers and special characters
   such as $?£.#$&@()_+.
 * Please refer following URL links to know more about WordPress, PHP vulnerabilities
   and precaution measures:
 * [http://www.eukhost.com/forums/f15/how-secure-wordpress-11164/](http://www.eukhost.com/forums/f15/how-secure-wordpress-11164/)
    [http://www.eukhost.com/forums/f42/how-secure-optimize-websites-linux-host-12020/](http://www.eukhost.com/forums/f42/how-secure-optimize-websites-linux-host-12020/)
    [http://www.securiteam.com/products/W/Wordpress.html](http://www.securiteam.com/products/W/Wordpress.html)
    [http://wordpress.org/tags/vulnerability](http://wordpress.org/tags/vulnerability)
    [http://www.seoegghead.com/software/wordpress-firewall.seo](http://www.seoegghead.com/software/wordpress-firewall.seo)
    [http://blogsecurity.net/](http://blogsecurity.net/)
 * If you have any doubt or query regarding this, then please contact the technical
   support department right away. The contact details are as below
 * Helpdesk : Please raise a helpdesk ticket from [http://support.eukhost.com/index.php?x=&mod_id=4&t=4](http://support.eukhost.com/index.php?x=&mod_id=4&t=4)
    Live-Chat: Please initiate a live-chat request from [http://www.eukhost.com/](http://www.eukhost.com/) (Extreme Right Of The Page)
    Email: Please email support@eukhost.com
    Phone : Please call our toll-free number 0808 262 0455
    International : +44 191 303 8191
 * We thank you for your patience and co-operation. It is immensely appreciated.
 * Regards,
    The Support Team. [http://eukhost.com](http://eukhost.com)

The topic ‘Security warning from eUKHost’ is closed to new replies.
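
An added example, not part of the original post or the eUKHost email: a shell function that checks a site directory for three conditions the bulletin warns about (files or folders with mode 777, `.htaccess` files that switch mod_security off, and custom `php.ini` files that set `disable_functions`). The function name `audit_site`, the output labels and the directive patterns are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the bulletin). Prints one "LABEL<TAB>path" line per finding.
# Usage: audit_site /home/USER/public_html   (placeholder path)

audit_site() {
    local root="$1" f

    # 1. Files or folders with "maximum permissions": every rwx bit set (mode 777).
    find "$root" \( -type f -o -type d \) -perm -0777 -print |
        while IFS= read -r f; do
            printf 'PERM777\t%s\n' "$f"
        done

    # 2. .htaccess files that switch mod_security off.
    #    SecFilterEngine is the ModSecurity 1.x directive, SecRuleEngine the 2.x one.
    find "$root" -type f -name .htaccess -print |
        while IFS= read -r f; do
            if grep -Eiq '^[[:space:]]*Sec(Filter|Rule)Engine[[:space:]]+Off' "$f"; then
                printf 'MODSEC_OFF\t%s\n' "$f"
            fi
        done

    # 3. Custom php.ini files that set disable_functions themselves, which
    #    replaces whatever list the host configured server-wide.
    find "$root" -type f -name php.ini -print |
        while IFS= read -r f; do
            if grep -Eiq '^[[:space:]]*disable_functions[[:space:]]*=' "$f"; then
                printf 'PHPINI_OVERRIDE\t%s\n' "$f"
            fi
        done
}
```

Each finding is a candidate for review rather than proof of compromise; a flagged `php.ini` still has to be compared by hand with the host's default list.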

## Tags

 * [errors](https://wordpress.org/support/topic-tag/errors/)
 * [scripting](https://wordpress.org/support/topic-tag/scripting/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 0 replies
 * 1 participant
 * Last reply from: [AndrewRH](https://wordpress.org/support/users/andrewrh/)
 * Last activity: [15 years, 3 months ago](https://wordpress.org/support/topic/security-warning-from-eukhost/)
 * Status: not resolved

