Too many exploits in Wordpress

Jack~Rouse

For the second time in six months I had my forum and blog hacked via an exploit in WordPress; my hosts naturally shut the site down until I had cleared out all the infected files.

It seems they got in through a plugin that I had recently updated, luckily the database wasn't compromised, so I have all the data intact.

I'd love to use another blog software, but I'm not sure if data from Wordpress can be imported to any other. Can anyone help with this?
 
WordPress itself is very safe, plugins are the weak point and that's no different with any other software. When you add in 3rd party code you risk safety and security, there's no way around that unfortunately, other than inspecting any plugin you install in detail (which requires time and expertise).

But anyway, you can export your WordPress data into an XML file from the Tools menu, which can be read (or converted to be read) by a lot of other services such as Blogger, etc.
 
You could google the plugin name before installing it to see if anyone else got hacked because of it.

A question:
Btw, can hackers only use active plugins or inactive plugins to force themselves into your blog?
 
I had one of my hosting accounts taken down in the last couple of days because a vanilla wordpress install was exploited and was sending tons of spam emails about cheap flights. Not one plugin was installed.

I'm never going to use wordpress again for my own projects as this is the third time a vanilla WP install of mine was exploited. Instead I am just going to create my own blog software.

Wordpress just seems to be a magnet to people trying to exploit websites.
 
master412160 said:
You could google the plugin name before installing it to see if anyone else got hacked because of it.

A question:
Btw, can hackers only use active plugins or inactive plugins to force themselves into your blog?

According to the hosts they got in through the theme, not the plugin

-- 18 Apr 2013, 16:18 --

ShadyX said:
I had one of my hosting accounts taken down in the last couple of days because a vanilla wordpress install was exploited and was sending tons of spam emails about cheap flights. Not one plugin was installed.

I'm never going to use wordpress again for my own projects as this is the third time a vanilla WP install of mine was exploited. Instead I am just going to create my own blog software.

Wordpress just seems to be a magnet to people trying to exploit websites.

This is my feeling now, I just need to find another platform that is just as easy to use.
 
I had one of my hosting accounts taken down in the last couple of days because a vanilla wordpress install was exploited and was sending tons of spam emails about cheap flights. Not one plugin was installed.

Could you be more specific? Did you get a lot of comment spam or what?

All the abuse can be solved by one or more anti-spam plugins for countering spam and preventing it.

Wordpress isn't an issue when you've got the necessary things taken care of. You can't let it remain vanilla; you need some plugins to make it work out perfectly.
 
No software is completely secure, unfortunately. You just have to be as careful as you can. Try Anchor CMS.
 
master412160 said:
I had one of my hosting accounts taken down in the last couple of days because a vanilla wordpress install was exploited and was sending tons of spam emails about cheap flights. Not one plugin was installed.

Could you be more specific? Did you get a lot of comment spam or what?

All the abuse can be solved by one or more anti-spam plugins for countering spam and preventing it.

Wordpress isn't an issue when you've got the necessary things taken care of. You can't let it remain vanilla; you need some plugins to make it work out perfectly.

No, my wordpress install was exploited (hacked) and modified to send thousands of spam emails to people. This cannot be solved by a plugin, lol.
 
I myself dislike Wordpress.
I don't use it, and after recent reports I doubt I ever will.
 
If someone hacks a WordPress blog without exploiting a plugin, then the hacker is most likely using a script that guesses the admin's password (this is especially true if you only have a vanilla WordPress installed on your server).

To prevent brute force attacks:
  • Don’t have username set to “admin”.
  • Have a complex username and a simple nickname. (Your nickname will be displayed to the public instead of your username.)
  • Have a password that has capital letters, numbers, symbols, and not words from the dictionary.
  • Install http://wordpress.org/extend/plugins/lim ... -attempts/
Source
Like every software in the world, WordPress is not completely secure, but if you take the time to set up roadblocks for hackers then you should be safe from most of them.
 
No, my wordpress install was exploited (hacked) and modified to send thousands of spam emails to people. This cannot be solved by a plugin, lol.

Nothing is fully secure. Usually doing what the user below said solves the issue unless the hacker is sorting out some vendetta on you. XD
Kevin X Dragon said:
If someone hacks a WordPress blog without exploiting a plugin, then the hacker is most likely using a script that guesses the admin's password (this is especially true if you only have a vanilla WordPress installed on your server).

To prevent brute force attacks:
  • Don’t have username set to “admin”.
  • Have a complex username and a simple nickname. (Your nickname will be displayed to the public instead of your username.)
  • Have a password that has capital letters, numbers, symbols, and not words from the dictionary.
  • Install http://wordpress.org/extend/plugins/lim ... -attempts/
Source
Like every software in the world, WordPress is not completely secure, but if you take the time to set up roadblocks for hackers then you should be safe from most of them.

Yeah Indeed.
 
master412160 said:
No, my wordpress install was exploited (hacked) and modified to send thousands of spam emails to people. This cannot be solved by a plugin, lol.

Nothing is fully secure. Usually doing what the user below said solves the issue unless the hacker is sorting out some vendetta on you. XD

They were just using the wordpress install to send tons of spam mails to their lists.

I have a better solution, I just won't use a blog script that is a magnet for hackers and crap. I will make my own.
 