Wordpress Security Issues


William
12-06-2008, 12:23 AM
Greetings,

I have several WPD blogs and I notice that they need to be updated with the latest version which I believe is 2.6.5. Running an older version will make your blog vulnerable to hacking. I believe that one should do the following:
To keep your WordPress blog safe:

1. Update WordPress.
2. Update your WordPress Theme.
3. Update WordPress Plugins.

My question is: by doing the above, will I render WPDs useless as far as SEO is concerned? I know that WPD is specially set up for optimum SEO and I really don't want to mess with it. I believe Marty told us to hold off updating Wordpress until he can come up with a solution.

I've been waiting for Marty to address this issue but he never kept any of his customers updated. Sooner or later, our blogs will get hacked. I know, it's happened to me once.

Any idea on how I should proceed?

Thank you,
William

ddhamm
12-06-2008, 12:27 AM
What the hackers can do is add hidden outgoing links which will totally mess up your blogs if you are trying to get page rank.

So, what version of Wordpress is used in Wordpress Direct???

DeeDee

William
12-06-2008, 12:54 AM
I believe WPD is running 2.6.1. At least that's what my WPD blogs are running. I have friends who are White Hat hackers and they said that Wordpress blogs are very vulnerable and are the favorite platforms of Black Hat hackers. He suggested that I download this plugin:

http://wordpress.org/extend/plugins/wp-security-scan/

I also found a site which lists several security plugins for Wordpress.

http://www.net-security.org/article.php?id=1099

I await Marty's reply.

William

admin
12-06-2008, 09:31 PM
In general, what Wordpress releases as 'security' is to disable the automation interfaces like XML-RPC, etc. This doesn't actually increase security, just makes it so neophytes don't leave the doors wide open.

In our case, we have written a custom replacement for XML-RPC so we can automate the blogs securely, since nobody else knows the protocol spec. Are you saying one of your WPD blogs was hacked, or a vanilla Wordpress one? If it was a WPD blog, I would like to know since it would be the first case I have heard of.

As to which release we deploy, it is currently 2.5.1 and we will be migrating to 2.6.x in about 2 months. So, as I've said, our deployment generally patches all the common security holes.