Frigging Wordpress Exploit Again

18 replies
You can't just put a wordpress site online and leave it. You come back a year or two later and it's been exploited. I've got sites using our products online for 6+ years and counting now, and the only time they were exploited was when there was a wordpress install on the same site. Getting pretty tired of wordpress, and ready to drop it for good. Time spent better elsewhere.
#exploit #frigging #wordpress
  • Profile picture of the author PerformanceMan
    Just make sure you secure it. Are you using Bulletproof Security plugin?
  • Profile picture of the author WFAlex
    About half a year ago I went through the same trouble...I had a bunch of wordpress sites sitting on my VPS and 1 of them got exploited with some nasty script which would replace the index files for ALL sites in my cpanel. The frustrating thing was that when deleting the script/index file, a few hours later it would be there again. Changing passwords to no avail.

    I ended up paying someone about $150 to clean everything out and now loaded up all my WP installs with security plugins and try to make sure to keep them as up to date as possible. But yes, it is annoying.

    Originally Posted by dvduval View Post

    Getting pretty tired of wordpress, and ready to drop it for good. Time spent better elsewhere.
    Any alternative you would recommend that's just as easy and straight-forward/intuitive to use?
  • Profile picture of the author dvduval
    Yea, in this case it is a customer site and the budget was low. I just prefer to use another script that won't get exploited.
    • Profile picture of the author WFAlex
      Originally Posted by dvduval View Post

      Yea, in this case it is a customer site and the budget was low. I just prefer to use another script that won't get exploited.
      Sorry if I'm a bit slow here but with "other script", are you talking about something else but Wordpress? Like...Drupal, Joomla or whatever else is out there? Would appreciate a hint as to what is more secure than WP but just as easy to use.
  • Profile picture of the author PerformanceMan
    Add the security plugins and you won't have this issue any more. In its default state WordPress is a 'sitting duck.' The fastest I had one unprotected site hacked was 3 days.
  • Profile picture of the author clintmyers
    Wow 3 days is very fast. Might as well not even bother if you don't protect it.
  • Profile picture of the author dvduval
    That's pretty unprofessional to release software that is a sitting duck. I don't care how big they are. We don't do that, and our products released 6 years ago are still online (powered by phpLD).
    • Profile picture of the author Dan C. Rinnert
      Originally Posted by dvduval View Post

      That's pretty unprofessional to release software that is a sitting duck. I don't care how big they are. We don't do that, and our products released 6 years ago are still online (powered by phpLD).
      There's a difference. Your software is commercial. WordPress is open source.

      If your software gets hacked, you've got who knows how many angry, paid customers pounding on your virtual doorstep.

      If WordPress gets hacked, well, you get what you pay for.
      • Profile picture of the author dvduval
        Originally Posted by Dan C. Rinnert View Post

        There's a difference. Your software is commercial. WordPress is open source.

        If your software gets hacked, you've got who knows how many angry, paid customers pounding on your virtual doorstep.

        If WordPress gets hacked, well, you get what you pay for.
        When we do have problems, you can bet they let us know about it. I'm now paying someone more than the cost of our product to fix wordpress.
  • Originally Posted by dvduval View Post

    You can't just put a wordpress site online and leave it. You come back a year or two later and it's been exploited. I've got sites using our products online for 6+ years and counting now, and the only time they were exploited was when there was a wordpress install on the same site. Getting pretty tired of wordpress, and ready to drop it for good. Time spent better elsewhere.
    Wordpress to the rescue!! :p Only $500 a month and all your problems are solved.

    Introducing WordPress.com*Enterprise -- Blog -- WordPress.com

    Cheers,
    Mary
  • Profile picture of the author WittyT
    You can't just let Wordpress based sites sit there... You have to constantly update them and the plug-ins you're using. It's when you have outdated plug-ins that you leave yourself up for exploits.

    Like PerformanceMan said: install Bulletproof. It's the second plug-in I always install right after Akismet.
    • Profile picture of the author cooler1
      Originally Posted by WittyT View Post

      You can't just let Wordpress based sites sit there... You have to constantly update them and the plug-ins you're using. It's when you have outdated plug-ins that you leave yourself up for exploits.

      Like PerformanceMan said: install Bulletproof. It's the second plug-in I always install right after Akismet.
      Someone here in the comments section said they used BPS and they got hit by Hmei7. Do you recommend BPS to be used in conjunction with any other WP security plugins or do you just use BPS only?

      WordFence Plugin Review - Is it Effective At Detecting Malware?
      • Profile picture of the author dvduval
        Sounds like Wordpress is great for creating a secondary market of security tools and selling their enterprise edition.
        • Profile picture of the author AnniePot
          Well, the funny thing is, the only time I've ever had a website hacked, it was a straight html build.

          Over the years I've had literally dozens of Wordpress websites and (touch wood), none have ever been exploited. I just install Wordpress Firewall 2, WP Ban, and Bulletproof Security before I do anything.
  • Profile picture of the author Troy_Phillips
    I have had a lot more HTML sites compromised than WordPress. Then again I do not have 20 plugins per install either. I paid $400 for a custom article directory script last year and never did get it secured. The programmer finally gave up and left town in the middle of the night lol. I do think he was trying to shortcut and used at least some open source though.

    I have a hand coded PHP membership / affiliate script and have to say it must be very hard to get into. I see where it is trying to be exploited in my awstats but so far, almost 4 years and no cookie.
  • Profile picture of the author tmitsoff
    Wordpress is very frustrating. A client called last night to let me know his site had been hacked for the fourth or fifth time. Dvduval is right -- any sites you haven't visited for awhile, be prepared for problems.
    • Profile picture of the author Marketer Matt
      You guys don't use ManageWP?

      ManageWP - A Review of the Ultimate Wordpress Tool - There is a Theme For That

      Solves all of these problems, saves time, and makes doing quick WP set ups for clients fun again...
    • Profile picture of the author dvduval
      Originally Posted by tmitsoff View Post

      Wordpress is very frustrating. A client called last night to let me know his site had been hacked for the fourth or fifth time. Dvduval is right -- any sites you haven't visited for awhile, be prepared for problems.
      And of course if they are not very technical they want to blame you for the problem and then expect you to fix it for free. Usually, that is exactly what we do, but fortunately I just don't use wordpress for customers unless they really insist.

      Now, more often for me, people have phpLD and Wordpress on the same server. Their server gets hacked and they come to us saying phpLD got hacked, and the reality is it was wordpress. There has been no mass attack on phpLD in the 6-7 years we have sold the product, yet somehow wordpress with much greater resources than us manages to release insecure software all the time! Argh!