Franticindustries.com got hacked over the weekend with the usual result of nasty keywords appearing in the posts. After a couple hours of tinkering, hopefully I’ve now patched most of Wordpress’ many security holes; but the blame is ultimately on me for not keeping Wordpress up to date.
In short: lame wannabe hackers: not cool. Not keeping your Wordpress up to date: dumb. Spending half of the weekend hardening Wordpress’ feeble security: priceless.
I’m not going to leave my real Website URL here, just in case they come after me too, but are you going to tell us what you did to tighten up security other than upgrading to the latest version of WP?
db
@David: actually, I didn’t upgrade to the latest version. Instead, I manually patched critical security breaches, I’ve disabled some unsafe features in WP (registering), and I’ve IP-filtered the access to sensitive WP files. I’ve also disabled all unnecessary plugins. I’ve yet one more thing to do, but I won’t name it right now; it’s specific to this blog.
Hi there,
I guess to be fair you’re not the only blog affected. Have had some suspicious looking stuff picked up fortunately by Microsoft purporting to be from TechCrunch & a no. of others. They come suddenly in a batch over like 2/3 days & then they vanish. I guess on the web everyone is a target to these guys.
What version of WP got hacked ? Hacking was due to WP security issue of problem with plugin ? Today new version of WP released, i have not yet updated as it may break my current template, i have only upgraded to latest 2 days back, a new version (2.5) is available now.
I just upgraded by blog to version 2.5, admin area have a complete new look and feel, upgrade from 2.3.3 to 2.5 went fine with out any problem, no change in template is needed.
Most all blog hacks are from people not upgrading their blog software.
If you don’t make a ton of changes, just backup your template one time, then create or download a script to email you a database dumb every couple days.