I don’t feel safe with WordPress, hackers broke in and took things

A few weeks ago some hackers broke into my blog here (this was before 2.8.4 was released). At first I thought they had just left some porn sites in a couple of blog entries. So we upgraded WordPress (I was on 2.7.x back then), deleted a fake admin account, deleted the porn sites, and thought we had solved the problem. We hadn’t.

They broke back in, but this time they did a lot more damage. They deleted about two months of my blog. Yes, I didn’t have a backup. I should learn to do backups (we’re doing them now). Life has a way of beating you if you don’t have backups.

Anyway, this time they also put some malicious code on my archive pages. Google sent me an email saying they had removed my blog from its index. That got a whole team to look into how they broke in. Now thanks to TechCrunch and Mashable you know there was a vulnerability in WordPress which let them break in. Even more good details on Lorelle’s blog.

We’ve done some other things now to make it harder for them to break in (for instance, my admin account has been deleted and the new one doesn’t use the name “admin”), but the damage is done and I feel the same way I felt when our childhood home was broken into. I don’t feel safe here, which might explain why I’ve been posting more over on a new Posterous blog I’ve set up.

Hopefully we’ve caught all the damage and hopefully other WordPress users haven’t had worse damage happen to them. Have you been hit by WordPress vulnerabilities? If so, what did you do to lock down the system?

Oh, and please upgrade your WordPress immediately to the latest version. That seems to have fixed the hole that the jerks got in through on my blog. Knock on wood.

So, once this happens, how do you feel safe again?

UPDATE: Matt Mullenweg, who runs Automattic, the company that produces WordPress, wrote that I never had the problem on WordPress.com (the hosted version of WordPress). That’s true. Interesting conversation going on over there with Matt.

About Robert Scoble

As Startup Liaison for Rackspace, the Open Cloud Computing Company, I travel the world with Rocky Barbanica looking for what's happening on the bleeding edge of technology and report that here.

289 thoughts on “I don’t feel safe with WordPress, hackers broke in and took things”

  1. I agree with spidersilk on that too. It is a rich environment with several points of failure and WordPress is only one of them. I've had application hacks, malicious stuff installed and even a rootkit attack on my servers. It was even worse when I used managed servers since I had to depend on others to fix it, which took more time.

    Backing up your data is always a good step toward achieving an acceptable level of peace of mind with web endeavors.



  4. Is moving to Posterous, which is indeed a great service but is nonetheless a hosted provider on a service that you don't control, more secure?

    I think we could hash through the dynamics of this security problem (e.g. posterous, running your own server, etc) at some length, but I'm not sure if that discussion would be particularly useful…

