Old Wordpress Sites Exploited And Security Questioned - InformationWeek

Commentary
9/5/2009
07:13 PM
Allen Stern


Apparently this weekend, a major exploit attack has been taking place on old versions of the self-hosted blogging platform WordPress. If you are using WordPress for your blog, you should update immediately.

The truth is that this weekend is no different than any other weekend with regard to WordPress. Old versions of the blogging platform have been, and will continue to be, exploited. Back in April, I switched from Drupal to WordPress and within 24 hours, my sites were exploited. Since then I've been exploited and/or hacked at least a dozen times on my various sites. Apparently it's nearly impossible to figure out the specific cause. The worst part about being hacked is that it can affect your rankings in Google which results in a lower amount of search engine traffic and ultimately, revenue.

WordPress founder Matt Mullenweg is participating in a discussion thread on FriendFeed about the latest news about WordPress exploits. Mullenweg has also put together his thoughts on how to keep your WordPress blog secure.

The bottom line is simple - if you run outdated versions of any piece of software you risk your security.

As an interesting aside, my sites ran on Drupal for three years and never had one exploit. One of my sites is using vBulletin for our forums and in over six years, it too has never been exploited or hacked. Some say that the "value" is higher to exploit a WordPress blog.

Swiss blogger Corsin Camichel put together a list of suggestions for the WordPress team to help make the blogging platform immediately more secure for new installations. Digitizor has some tips to check to see if your blog is currently hacked. I found a number of exploits on my site by searching Google for Viagra and Cialis with my site name. It would be great if the Google Webmaster tool displayed a message when a site has been penalized for suspicious content.

My suggestions include a tool to notify you when a new user is added, notification when any files are modified and a plugin verification system where WordPress can "certify" that a plugin is safe to use.
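One way to get the file-modification notice suggested above, shown as an added example (not code from this article or from WordPress): hash every file into a baseline, compare later snapshots against it, and check changed files for the spam terms mentioned earlier. The directory layout, file names and keyword list are constructed for the demo.

```python
import hashlib
import os
import tempfile

SPAM_TERMS = ("viagra", "cialis")  # constructed list, from the terms the article mentions

def snapshot(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff_snapshots(baseline, current):
    """Report files added, removed or modified since the baseline snapshot."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def spam_hits(root, paths):
    """Return those of the given files whose content contains a spam term."""
    hits = []
    for rel in paths:
        with open(os.path.join(root, rel), "rb") as fh:
            text = fh.read().decode("utf-8", errors="replace").lower()
        if any(term in text for term in SPAM_TERMS):
            hits.append(rel)
    return hits

def _write(path, text):
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)

def demo():
    """Constructed install: take a baseline, simulate tampering, report changes."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "wp-content", "themes")
        os.makedirs(theme)
        _write(os.path.join(root, "index.php"), "<?php // front page\n")
        _write(os.path.join(theme, "footer.php"), "<footer>My blog</footer>\n")
        baseline = snapshot(root)
        # Simulated tampering: an edited theme file and an unexpected new file.
        _write(os.path.join(theme, "footer.php"),
               "<footer>My blog <a href='http://example.invalid/'>cheap viagra</a></footer>\n")
        _write(os.path.join(theme, "cache.php"), "<?php // constructed placeholder\n")
        changes = diff_snapshots(baseline, snapshot(root))
        return changes, spam_hits(root, changes["added"] + changes["modified"])

if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the web server cannot write, and take a fresh one after every upgrade so legitimate changes do not drown out real ones.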

Mullenweg concludes his post with the following promise, "The only thing that I can promise will keep your blog secure today and in the future is upgrading." I used to wait a bit before upgrading to make sure the kinks were worked out but going forward I will push out any upgrades as soon as possible.
