How Do I Plug WordPress 3.0.1 Vulnerability?

11 replies
I have WordPress 3 sites that have been hacked, while pre-WordPress 3 WP sites are untouched. I gather that this has been happening to others as well. Does anyone here know how to fix up whatever is making WordPress 3.1 less vulnerable to malicious hacks? Some kind of patch? Thanks.
  • phpbbxpert
    I have not seen any kind of vulnerabilities in 3.1

    You need to change your usernames and passwords for the installs and FTP accounts.

    It is possible that you have a plug-in with a vulnerability or that your files do not have the correct permissions on the server and are writable.
  • dvduval
    Wordpress is known for lots of vulnerabilities. Secunia lists 184 Wordpress vulnerabilities that have been found.
  • phpbbxpert
    From what I see those are all plug-in vulnerabilities.
    Not WordPress.

    Also, look at the dates, 184 is the history, NOT current.
    • thunderbird
      Originally Posted by phpbbxpert

      From what I see those are all plug-in vulnerabilities.
      Not WordPress.

      Also, look at the dates, 184 is the history, NOT current.
      Maybe not, but something is current because sites -- specifically wordpress 3.0.1 -- are getting hacked.
      • SteveJohnson
        Originally Posted by thunderbird

        Maybe not, but something is current because sites -- specifically wordpress 3.0.1 -- are getting hacked.
        Can you point to any current information about this? There's nothing in the WordPress trac, and none of the major developers of WP that I have spoken with have heard anything about a specific security problem.

        FWIW, the WP core team has always been incredibly fast about fixing known vulnerabilities and takes security VERY seriously.
  • Abledragon
    Protecting WordPress sites from being hacked is not just about WordPress - there are lots of ways people can access and hack your site.

    This article describes what happened when one of my clients' WordPress sites was hacked and how we fixed it:

    http://www.wealthydragon.com/blog/20...ity-wordpress/

    Cheers,

    Martin.
  • Unfair Contract
    Have you recently shared ID and passwords with any developers? Try making them a lot more complicated. Bless
  • 1babywarrior
    A lot depends on your host too. Many do not provide the necessary encryptions, shells, protocols, file permissions, etc. Plus there are a lot of bad bots out there that specifically target WP installations, mostly because the users do not take the simple precautions to change the database table prefixes, change the admin login name, hide the WP version, put a .htaccess in the admin directory, and remove the default login meta.

    A few simple plugins can greatly reduce your risk factor too. Search for:
    BBQ,
    wp secure,
    wp security,
    login lockdown,
    Akismet,
    bullet proof security,
    admin ssl,
    wp mal-watch.

    And check out Perishablepress.com for very helpful preventative maintenance (it's a cool WordPress blog).
  • mihir
    Never use "admin" as the WordPress admin username. It makes a brute force attack much easier for the attacker.
  • mihir
    Also, find some plugin which can limit login attempts, like a 10 minute wait after 5 incorrect login attempts.
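Added example (not part of any post in this thread, and not code from any WordPress plugin): the rule described above, 5 failed logins then a 10 minute wait, applied to web access logs to show which clients such a plugin would have locked out. It assumes combined-format logs, that stock WordPress answers a failed login with 200 and a successful one with 302, and that failures are counted over the same 10 minute window; `sample_line`, the sample data and the IPs are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                # "5 incorrect login attempts" (from the post)
WINDOW = timedelta(minutes=10)  # "10 minutes" (from the post)

# Assumed input: Apache/nginx "combined" access-log lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def failed_login(line):
    """Return (ip, time) for a failed wp-login.php POST, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
        return None
    # Assumption: stock WordPress returns 200 on a bad password, 302 on a good one.
    if m["status"] != "200":
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def lockouts(lines):
    """Map each IP to the time of its 5th failure within 10 minutes."""
    recent, locked = defaultdict(deque), {}
    for line in lines:
        hit = failed_login(line)
        if hit is None or hit[0] in locked:
            continue
        ip, ts = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            locked[ip] = ts
    return locked

def sample_line(ip, hms, status, method="POST", path="/wp-login.php"):
    # Builds one constructed log line; IPs below are documentation ranges.
    return (f'{ip} - - [12/Nov/2010:{hms} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1500 "-" "-"')

SAMPLE = (  # constructed data, not taken from any real site
    [sample_line("203.0.113.7", f"10:0{i}:05", 200) for i in range(5)]
    + [sample_line("198.51.100.4", f"10:0{i}:30", s) for i, s in enumerate((200, 302))]
    + [sample_line("198.51.100.9", f"1{i}:00:00", 200) for i in range(5)])
```

`lockouts(SAMPLE)` reports only the client with five failures inside the window; the client that mistyped once and the one with failures an hour apart are left alone.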
  • nava28
    My site also got hacked by deface method. I'm using WP 3.0.1.