READ if you have WordPress! Client hacked... so were 3 of my sites... Have you updated lately?

14 replies
Hey warriors,

A client of mine had sent me an email this morning saying their site did not work... I checked it out and sure enough... WordPress has a vulnerability somewhere...

I will post more details later but I thought I should get this up.

What was interesting is, this seems to be on the 2.9.X version of WordPress, and it adds an array in the main index.php file....

What was even more interesting is I have a blog on one of my domains that I don't use... but found the same array in another directory without WordPress in my index.php file.

Sure enough every index.php file was infected. Some pages just had the array... others had run the scripts and loaded the page up with tables and who knows what.

UPDATE YOUR WORDPRESS!!

My other sites that I keep up to date were not affected.

It's late and I'm tired, I'll post some more info tomorrow.

cheers
  • Profile picture of the author Abledragon
    Keeping your WordPress installation up to date is important, no question.

    But there are lots of other aspects to keeping your WordPress sites secure - don't overlook those.

    You need to make sure your PC is free of spyware and keyloggers, you need to use SFTP rather than FTP, you need to keep plugins and themes updated, and so on.

    WordPress security is not just about WordPress!

    Cheers,

    Martin.
    Signature
    WealthyDragon - Earning My Living Online
  • Profile picture of the author phpbbxpert
    Don't forget to change all of the FTP passwords also.
    And make sure they are mixed characters/symbols/numbers not just words.
  • Profile picture of the author SteveJohnson
    Why are you assuming they got in through WordPress in the first place?

    "What was even more interesting is I have a blog on one of my domains that I don't use... but found the same array in another directory without WordPress in my index.php file."
    Does that not make you question the entry point?

    Don't just assume that because you have WordPress installed somewhere that it is the doorway the hacker used. Most of the time it isn't.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    • Profile picture of the author CarloD.
      Unless it's on the host side...

      This is common with only WordPress, and my websites are in no way tied to the client's... different account and all.

      That's why I assume WordPress.

      Plus when it happens to 4 WP blogs... what else could I assume... again, unless it's something on the host side... any ideas?

      My updated 3.0/3.1 WP sites did not get affected... and those are in the same account as my other blogs that got hit.
      • Profile picture of the author Karen Blundell
        Here's my suggestion: not only should you always update your WordPress core, but always update plugins and get rid of the ones you are not using.

        Install the Plugin called Secure WordPress...this plugin is gold!

        good luck!
        • Profile picture of the author mywebwork
          Originally Posted by Karen Blundell

          Install the Plugin called Secure WordPress...this plugin is gold!!
          Wow - that is pure gold! Just read the description, it seems to do a lot of the tasks I always perform manually.

          Thanks for posting it Karen!

          Bill
          • Profile picture of the author Karen Blundell
            Originally Posted by mywebwork

            Wow - that is pure gold! Just read the description, it seems to do a lot of the tasks I always perform manually.

            Thanks for posting it Karen!

            Bill
            Not a problem. I use it on all my blogs and all my clients' blogs also.
        • Profile picture of the author Aperio
          Originally Posted by Karen Blundell

          Here's my suggestion: not only should you always update your WordPress core, but always update plugins and get rid of the ones you are not using.

          Install the Plugin called Secure WordPress...this plugin is gold!

          good luck!

          Thank you a thousand thank you's for this tip. Never knew this plugin existed and is just what the doctor ordered!
          Signature
          Niche Website Packages- Great deals on complete niche website packages. Use coupon code WFDEALS and get an additional discount.
      • Profile picture of the author SteveJohnson
        Originally Posted by CarloD.

        Unless it's on the host side...

        This is common with only WordPress, and my websites are in no way tied to the client's... different account and all.

        That's why I assume WordPress.

        Plus when it happens to 4 WP blogs... what else could I assume... again, unless it's something on the host side... any ideas?

        My updated 3.0/3.1 WP sites did not get affected... and those are in the same account as my other blogs that got hit.

        This is what made me question the "common with only WordPress" assumption:

        "What was even more interesting is I have a blog on one of my domains that I don't use... but found the same array in another directory without WordPress in my index.php file."

        It's possible that whoever did this DID get in through a WP install. It's more likely that they got in through a poorly coded plugin as the WP core is very secure (even in past versions - you had to KNOW what you were doing to get in).

        It's also possible it was an account-level entry. These things are very difficult to backtrack.

        All I'm saying is don't make assumptions that aren't warranted. You don't know at all if this came from a WP install and at this stage without the cooperation of your hosting company, it's almost impossible to tell.
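
An added example, not part of any post in this thread: a triage script for the question raised above, whether the changed index.php files are confined to WordPress installs or also sit in directories with no WordPress at all. The marker names in `WP_MARKERS`, the function names and the sample directory layout are assumptions made for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

WP_MARKERS = ("wp-config.php", "wp-includes")  # assumption: marks a WordPress root

def in_wordpress_tree(directory, root):
    """True if directory, or any parent up to root, looks like a WordPress install."""
    current = directory
    while True:
        if any((current / marker).exists() for marker in WP_MARKERS):
            return True
        if current == root or current == current.parent:
            return False
        current = current.parent

def changed_index_files(root, since_epoch):
    """(relative path, mtime, is_wordpress) for each index.php modified since since_epoch."""
    root = Path(root).resolve()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if "index.php" in files:
            path = Path(dirpath) / "index.php"
            mtime = path.stat().st_mtime
            if mtime >= since_epoch:
                hits.append((str(path.relative_to(root)), mtime, in_wordpress_tree(Path(dirpath), root)))
    return sorted(hits)

def non_wordpress_hits(hits):
    """Changed files outside any WordPress tree: evidence against a WordPress-only entry point."""
    return [path for path, _mtime, is_wp in hits if not is_wp]

def build_sample_account(base, now):
    """Constructed sample: a WP blog, an unused plain-PHP directory, an untouched old site."""
    layout = {"blog/index.php": 0, "blog/wp-config.php": 90,
              "unused/index.php": 0, "static/index.php": 90}  # value = age in days
    for rel, age_days in layout.items():
        f = Path(base) / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("<?php // constructed sample file\n")
        ts = now - age_days * 86400
        os.utime(f, (ts, ts))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as account:
        build_sample_account(account, time.time())
        for hit in changed_index_files(account, time.time() - 7 * 86400):
            print(hit)
```

Modification times can be reset by whoever changed the files, so this narrows the scope of a cleanup but does not identify the entry point; that still needs the host's access and FTP logs.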
        • Profile picture of the author CarloD.
          I am going to give them a call and see what they have to say.... I have already fixed my sites on my account, and the other account as well.

          I agree too about a plug-in possibly being the cause.... from what I have always heard, way more vulnerable.
  • Profile picture of the author digital29
    I always update my blogs with the latest WordPress, right after it has been launched. Sometimes, updates mean more bugs, but for WordPress they bring more security.
  • Profile picture of the author SteveJohnson
    Too many plugin authors pay little attention to security - because they're lazy or because they just don't know to implement proper security measures. Either way, they unintentionally cause a lot of problems.
  • Profile picture of the author hhunt
    I personally don't use WordPress, but will also recommend it to clients who do.
    Nice stuff guys.