Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Blog defaced

  1. #11
    Andy101's Avatar
    Andy101 is offline Code Otaku
    Join Date
    Aug 2009
    Location
    Kanazawa
    Posts
    1,313
    Thanks
    178
    Thanked 309 Times in 236 Posts
    WP users are educated to install tons of plugins and it is inevitable that the security will be broken I think.

    Now WP are encouraging developers to use the WP site to be the main repository of plugins, so users can feed back their reports of problems which most people will be able to see.

    The downside is that the plugin developer may not get the back links and traffic to their site that they deserve though.

  2. #12
    bogart's Avatar
    bogart is offline Super Moderator
    Join Date
    May 2009
    Location
    New York
    Posts
    3,772
    Thanks
    1,886
    Thanked 776 Times in 609 Posts
    In many cases you may not really need the plugin. Sure it's easier. But, there's plenty of simple modifications that you can make to Wordpress rather than using a plugin. For instance, you can insert the adsense code within the loop so that you don't need an adsense injection plugin.

  3. #13
    SonnyCooL's Avatar
    SonnyCooL is offline HeeHa
    Join Date
    Jan 2010
    Location
    Melb/Malaysia
    Posts
    920
    Thanks
    250
    Thanked 92 Times in 78 Posts
    Quote Originally Posted by bogart View Post
    In many cases you may not really need the plugin. Sure it's easier. But, there's plenty of simple modifications that you can make to Wordpress rather than using a plugin. For instance, you can insert the adsense code within the loop so that you don't need an adsense injection plugin.
    agree but it take some time for fresh user to reach that step (it take me around 9 month to reduce plugin usage )

  4. #14
    dodolls is offline Wide Traveler
    Join Date
    Aug 2009
    Posts
    40
    Thanks
    3
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by bogart View Post
    I'm guessing that they are using a password exploit. Upgrade the WP install and change the password for the user password for the sql db as well.

    I've had a lot of problems with wp blogs running version earlier than 2.7. Even on 2.7 a hacker got it and was able to make a post. But didn't deface the blog.

    With regards to password exploit, could it be possible that they were able to exploit the password for hosting account or just wordpress?

  5. #15
    bogart's Avatar
    bogart is offline Super Moderator
    Join Date
    May 2009
    Location
    New York
    Posts
    3,772
    Thanks
    1,886
    Thanked 776 Times in 609 Posts
    Quote Originally Posted by dodolls View Post
    With regards to password exploit, could it be possible that they were able to exploit the password for hosting account or just wordpress?
    All versions of wordpress up to and including 2.8.3 have an "admin password reset exploit" security flaw.

    You should also use a strong password for the hosting account and Wordpress ir you are vulnerable to a brute force attack.

Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 0
    Last Post: 22 May, 2010, 22:37 PM
  2. [WTS] Blog Post and Blog Roll in PR 3+ Blog
    By linkseller in forum Links
    Replies: 0
    Last Post: 29 March, 2010, 13:36 PM
  3. Replies: 0
    Last Post: 15 January, 2010, 16:11 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •