Old Wordpress Sites Exploited And Security Questioned

Apparently this weekend, a major exploit attack has been taking place on old versions of self-hosted blogging platform Wordpress. If you are using Wordpress for your blog, you should update immediately.The truth is that this weekend is no different than any other weekend with regards to Wordpress. Old versions of the blogging platform have, and will, continue to be exploited. Back in April, I switched from Drupal to Wordpress and within 24 hours, my sites were exploited. Since then I've been exploited and/or hacked at least a dozen times on my various sites. Apparently it's nearly impossible to figure out the specific cause. The worst part about being hacked is that it can affect your rankings in Google which results in a lower amount of search engine traffic and ultimately, revenue.

Wordpress founder Matt Mullenweg is participating in a discussion thread on Friendfeed about the latest news about Wordpress exploits. Mullenweg has also put together his thoughts on how to keep your Wordpress blog secure.

The bottom line is simple - if you run outdated versions of any piece of software you risk your security.

As an interesting aside, my sites ran on Drupal for three years and never one exploit. One of my sites is using vBulletin for our forums and in over six years, it too has never been exploited or hacked. Some say that the "value" is higher to exploit a Wordpress blog.

Swiss blogger Corsin Camichel put together a list of suggestions for the Wordpress team to help make the blogging platform immediately more secure for new installations. Digitizor has some tips to check to see if your blog is currently hacked. I found a number of exploits on my site by searching Google for Viagra and Cialis with my site name. It would be great if the Google Webmaster tool displayed a message when a site has been penalized for suspicious content.

My suggestions include a tool to notify you when a new user is added, notification when any files are modified and a plugin verification system where Wordpress can "certify" that a plugin is safe to use.

Mullenweg concludes his post with the following promise, "The only thing that I can promise will keep your blog secure today and in the future is upgrading." I used to wait a bit before upgrading to make sure the kinks were worked out but going forward I will push out any upgrades as soon as possible.