Comments on: Blogs are more vulnerable to hacking than other websites!

By: Ramin

Ramin — Mon, 31 Aug 2009 06:52:44 +0000

yes, fortunately I had to backup my WP blog, delete the old installation and reinstall WP new, import entries + upload files again.

By: Ajith Prasad

Ajith Prasad — Tue, 30 Jun 2009 14:07:28 +0000

@Ramin, sorry to hear that…did you fix the problem yet?

By: Ramin

Ramin — Sun, 21 Jun 2009 06:41:34 +0000

I just figured out that my blog got hacked now, and I found your site searching for a solution. It's bad - for visitors, it shows a normal site, but only googlebot sees a different site, which is full of spammy viagra stuff. I am trying to fix this before it Google dumps my site because it thinks I am spam...Ramin´s last blog post... Bei Durchfall Cola und Salzstange? Nein, stattdessen…

By: Ajith Prasad

Ajith Prasad — Sat, 13 Jun 2009 17:04:01 +0000

@Anish, You are right about the plugins and widgets, you never know what kind of scripts they download at runtime.@Richael, any CMS system with default database admin entry scripts exposed in a standard form is vulnerable to SQL injection hacks. And the hosting companies those offer unlimitted hosting for three or four bucks need to be really analyzed well before singing up. I had some issues with Host Monster a couple of times but continuing till the next renewal.@Kim, thanks for sharing your experiences with grey matter. Although, WP is not all that secure yet, probably it's the best among the lot I believe.

By: Kim Woodbridge

Kim Woodbridge — Fri, 12 Jun 2009 15:07:53 +0000

I have never had a WordPress blog hacked but I had an old one hacked into, which actually got me kicked off of my webhost. It was a blogging platform called Greymatter. Quite a few people used it because it was one of the first that could be self-hosted but it ended up having numerous security holes. I don’t think anyone used it anymore (I hope) and most webhosts ban it.

Kim Woodbridge´s last blog post… WordPress 2.8 Upgrade Issues and Recommendations

By: Richael Neet

Richael Neet — Thu, 11 Jun 2009 08:30:26 +0000

Wordpress out of the box is very insecure. Release of version 2.8 speaks volumes as they have fixed close to 790 bugs... That is a huge number of loopholes, in my estimation.As you rightly mentioned, Ajith; the hosting company is also a determining factor as to how secure your blog may be. My recent experience is a testimony...I gave up hosting at Hostgator (because of the cost) and moved to a cheaper company. The next day after migration and propagation, my blog was hacked and the whole DB deleted. Luckily, I had the backup and restored it after switching hosts instantly.I have learnt my lesson since.Richael Neet´s last blog post... Can Domain Parking violate basic Copyrights?

By: Anish K.S

Anish K.S — Thu, 11 Jun 2009 06:14:59 +0000

Today morning I was shocked, my blog not getting, no problem for forum and main site, admin login also failed, then I read your post, then I uploaded WordPress 2.8 and deactivated all pluggin, Tweet This Plugin makes the problem, removed that folder, now ok

Anish K.S´s last blog post… NewsX takes you AT STUMPS at the T20 World Cup : Brings in complete T20 World Cup coverage with Farokh Engineer live from England

By: Ajith Prasad

Ajith Prasad — Wed, 10 Jun 2009 17:50:32 +0000

@Chetan, thanks for your post link. I shall give the wp-security-scan plugin a try.

@Melvin, thanks for the spam You are right about folder permissions as mentioned in the post.

@Lax, running daily backups is not a bad idea (depends a great deal on how often you post/change content, how many comments are received at what frequency etc)

@George, that was a surprise for me as well. Even bigger surprise was the 5 hr downtime caused by Host Monster last month.

@Jacques, backups definitely help though nobody wants to get to a point where you are forced to restore your backed up content – ie. a situation post hack or crash

@Sandeep, I still really do not know if it was a hack, WP bug or some script error that occured after caching

@Samrat, thanks buddy…

By: Kurt Avish

Kurt Avish — Wed, 10 Jun 2009 17:45:44 +0000

I normally do a backup each hour and is emailed to a dedicated email address (gmail is good).I also use a plugin to encrypt password send during login... just in case sm smart guy is looking through his e-bino lol.3rdly I think I can trust my current host as they backup the whole directory regularly each day.Kurt Avish´s last blog post... Blog Trottoir Featuring Yashi

By: Samrat P

Samrat P — Wed, 10 Jun 2009 15:35:00 +0000

Thanks Ajith.. It was a very nice article.. I'll use this info to secure my blog"Samrat P´s last blog post... Grab a Facebook Username For Your Facebook Profile Page or Application Profile

By: Curious Little Person

Curious Little Person — Tue, 09 Jun 2009 19:08:39 +0000

Thanks for the information, I back up my blog using Database BackupNever knew you could be hacked as well! Thanks for the information Ajith!Cheers SandeepCurious Little Person´s last blog post... Monetize your Blog the Right Way

By: Jacques Snyman

Jacques Snyman — Tue, 09 Jun 2009 18:32:48 +0000

I think the bottom line here is the emphasis we all need to place on backups! That word will always come back to haunt you if you disregard it! Sorry to hear about your experience, but am glad that it is all Ok now, and that you’re able to share the experience with us. Hopefully we all learn from this!

By: George

George — Mon, 08 Jun 2009 17:35:06 +0000

Eventhough the down time was less, it was a surprise for me.Because I was reading a post and after ten minutes I seen Ajit’s tweep about the error.

This is the lesson learnt post from the episode, good post.

By: TechZoomIn

TechZoomIn — Mon, 08 Jun 2009 15:48:54 +0000

I use Automated DB Backup..But i schedule it to get backup once in a week. Daily seems to be good option right?Thanks for the information Ajith.TechZoomIn´s last blog post... 260 Miscellaneous Web Design Icons Download..!

By: Melvin

Melvin — Mon, 08 Jun 2009 14:48:08 +0000

This is so true ajith. Most people give the excuse that they’re blog isn’t popular yet so theres no need for so much protection. I find it really retarded because hackers don’t pick what popular and what’s not. They just hack as much as they can…

Btw, I’ve written a really nice post about subfolders nd stuffs located here http://www.melvinblog.com/2009/05/steal-wordpress-files/ (if i may spam please. )

Melvin´s last blog post… MMO Blog Monetizer Launch

By: Chetan Gole

Chetan Gole — Mon, 08 Jun 2009 14:30:54 +0000

I have written a post on Make your WordPress blog secure [Prevent hacking attacks], i mentioned few plugins there have a look

Chetan Gole´s last blog post… Download Microsoft Bing ringtones – Free ! (Official Microsoft)