
Mike Dammann: Everyone I network with uses WordPress. Sure, there are some TypePad and Movable Type users here and there, but WordPress is the search engine friendliest, easiest to install and the plugins are great.

WordPress is by far the best. Hands down!

In the past 6 months I have gotten a little bit of insight into the world of hackers and realized just how easy it is to hack ANY blog using the platform.

Comments

Moderator
from Jill 2229 Days ago #
Votes: 0

Yep. Found out mine was hacked the other day so I closed it down. I don’t have time to police it, and don’t really know how the hackers get in anyway.

I had been thinking of creating a new blog recently, but that’s on hold right now because I’m not comfortable using WordPress at the moment. I know I could use another platform, but I sure did like WordPress for the ease of setup, use and the availability of a wide variety of plug-ins.

from MikeDammann 2229 Days ago #
Votes: 0

A lot of high profile and authority blogs have been hacked. Many times the owners are not aware of it. Before they realize it, they drop in Google. Other times they get alerted by their hosting company. The hackers get a fast financial benefit thru the work the blog owner has been doing getting his blog the credibility enabling the spam content to rank while the blogger loses power without wrongdoing of his own.

IMO a serious issue which both Google and the WordPress team need to pay a lot more attention to!

Moderator
from Jill 2229 Days ago #
Votes: 0

I agree that the blog owner loses their listings in Google, but what makes you think that the hacked links end up having much (if any) actual power to give them any link benefit?

If you can show that in action, I’d be very interested in seeing it!

from JohnHGohde 2229 Days ago #
Votes: -3

I guess that hacking WordPress blogs would be called advanced black hat SEM? How many times have I heard someone state on Sphinn that they do Black Hat stuff precisely because it works. Well, I would be willing to bet that people hack websites precisely because it works. They probably are keeping 100% of all monies collected, too.

from MikeDammann 2229 Days ago #
Votes: 0

Actually, I know some blackhats, and according to them WP is not even a challenge, John.

from matteo 2229 Days ago #
Votes: 0

A little tech consideration, we should have to say that lots of WP exploits are usually related to third party plugins that use SQL calls.

But recently WP team released a brand new version (2.6.2) that fixes some important security issues related to a couple of possible SQL exploits.

from sza 2228 Days ago #
Votes: 6

"hacking WordPress blogs would be called advanced black hat SEM"

You clearly don’t have an understanding of the concept of legal vs illegal, and how this is not the same as blackhat vs [other color]hat.

Though, obviously, your personal business interests (promoting yourself as pure, organic and flower scented whitehat) give you a strong incentive to intentionally mix up "blackhat" and "illegal".

from sza 2228 Days ago #
Votes: 1

I am no programming expert, but I believe most of the vulnerability in WP comes from features that make it more interactive and more flexible.

A great deal of hacking could be prevented if WP provided a clear, well-explained and comprehensive way (even a separate tab on the dashboard) to switch off every interactivity and flexibility feature you don’t need or are willing to live without.

Currently, these options are scattered in separate tabs (and even the config file), and it’s not clear what the benefits and security risks of each are (which would help you decide whether to keep that feature switched on or not).

I also haven’t seen any guide for those who want to use WP as a CMS, not a blogging platform. Such users would probably turn off a whole lot of features if it was obvious for them how these features could compromise security while being completely unnecessary for their particular goals.

from sza 2228 Days ago #
Votes: 1

-

from JohnHGohde 2228 Days ago #
Votes: -1

@Harith How about Google has some SERIOUS (security) Issues which black haters are seriously exploiting because they work. And, now that some black hatters have been out black hatted, who are they appealing to? Could it be Google? Simply amazing!!!

I did a Google on the topic and got over one million hits. The very first hit covered key security actions that should be taken. It was actually sphunn on Sphinn, but only the last one in a series of 3 went hot since it told people what they needed to do.

That is why I did not sphinn this old news story. Nothing newsworthy here. Not even a comment or two as to what can be done about security on a World Press blog.

from matteo 2228 Days ago #
Votes: 0

I agree with sza, as far as I have understood the real meaning of blackhat SEO is quite different from an illegal action like hacking.

I have only to add something related to WP security holes, I worked on WP since its early version as plugin developer and I can say that the WP developers community is at this very moment very big and lots of troubles are linked to third party plugins.

The only way to prevent these troubles is to force developers to use a sort of wp-api (or at least force them to read WP docs :x), in particular for db connections, and this will prevent most of the exploits we have seen on WP in the last few years/months.

As far as I have seen lots of devs use to query MySQL db using standard PHP code without any security test on inputs... and now you can understand why WP is risky, or better some plugins are risky...
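
Added example (not part of the thread or of any commenter's post): the difference between a query built by pasting a request value into the SQL string and one that validates the value and binds it as a parameter, which is the pattern described in the comment above. It uses Python's `sqlite3` as a stand-in for a plugin's database access; the table, data and function names are hypothetical, and in a WordPress plugin the equivalent database-API call is `$wpdb->prepare()`.

```python
import sqlite3

def make_db():
    """Constructed sample data: one public post and two that must stay hidden."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    db.executemany("INSERT INTO posts VALUES (?, ?, ?)", [
        (1, "Hello world", "publish"),
        (2, "Unfinished draft", "draft"),
        (3, "Members only", "private"),
    ])
    return db

def lookup_unsafe(db, post_id):
    # The request value is concatenated into the statement, so whatever the
    # visitor sends becomes part of the SQL and can change the WHERE clause.
    sql = "SELECT title FROM posts WHERE status = 'publish' AND id = " + post_id
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, post_id):
    # 1) Test the input: an id must be an integer, anything else is rejected.
    try:
        pid = int(post_id)
    except ValueError:
        return []
    # 2) Bind it as a parameter: the value is sent as data, never parsed as SQL.
    sql = "SELECT title FROM posts WHERE status = 'publish' AND id = ?"
    return [row[0] for row in db.execute(sql, (pid,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input that is not a plain id
    print("unsafe:", lookup_unsafe(db, crafted))  # draft and private titles leak
    print("safe:  ", lookup_safe(db, crafted))    # rejected, nothing returned
```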

from ericbramlett 2228 Days ago #
Votes: 2

The best way to prevent this is with Google alerts. Set up alerts similar to:

site:www.mysite.com +viagra
site:www.mysite.com +cialis
etc...

You’ll know the instant the links are placed, and you should be able to fix the problem before it becomes a problem.

from ericblackwell 2228 Days ago #
Votes: 0

I’d agree with ericbramlett’s assessment. @Jill- You bet they work and deliver links to where they are wanted. In many of the cases the links go to a second site (on unique pages that pushes links to the intended target. No reason to shut down a site, however IMO. Especially not one that you have worked on for a while?

Eric

from Malok 2228 Days ago #
Votes: 0

A very important article for a great many people. WordPress is popular and the security issues with it really lend itself to others that may want to take advantage of it.

Moderator
from Jill 2228 Days ago #
Votes: 0

"@Jill- You bet they work and deliver links to where they are wanted."

Yes, but are they counting for anything?

from Seoworkers 2228 Days ago #
Votes: 1

I do not believe that there is a site that cannot be hacked. Period.

About WP, if your blog’s version is up-to-date, you implement the instructions of the WP-Security scanner plugin and the .htaccess rules (the ones applicable which do not conflict with your plugins) here http://www.askapache.com/htaccess/htaccess-plugin-blocks-spam-hackers-and-password-protects-blog.html you shall be much safer.

Just my two cents.

from IncrediBILL 2228 Days ago #
Votes: 5

This is not new news as WordPress gets hacked relentlessly and you can read about it everywhere. However, I gave it a Sphinn because blissfully naive people need to know.

I installed WordPress on my own server once and the hacking and spamming attempts started almost immediately and I have no clue how they found it, it wasn’t even in Google, it was a private test folder, it was almost like they could smell it.

The best place to install WordPress is on the WordPress site themselves, let them handle the security and you can pay a small annual fee to link it to your site as a subdomain.

from ifindtrends 2228 Days ago #
Votes: 0

I agree, nothing new. Just like any website, there are measures you can take to make it more secure though. There are a couple articles on how to tighten up your security. Noupe has a good one or search for how to make WordPress more secure.

from Harith 2228 Days ago #
Votes: 0

Matt Cutts posted on his blog a comment relevant to this thread. Thanks, Matt:

Matt Cutts Said, September 14, 2008 @ 7:57 pm

Harith, I think WordPress is so popular that it’s inevitable that WP is a pretty big target for hackers. What bothers me is the need to upgrade my software whenever there’s a new security hole–that plus this annoying “it takes forever to clean up the junk left behind by WP Super Cache” issue had me taking a fresh look at Blogger this past weekend. I store my data in the cloud for most services these days precisely so I don’t have to worry about security issues or keeping my software up-to-date. If Blogger had a few more options (ability to do different permalink url vs. title, better WordPress importing ability, more flexibility with comments), it would be pretty tempting. Some of the stuff at Blogger in Draft is looking pretty neat.

from mjwalshe 2228 Days ago #
Votes: 0

This is just SOP; all sites get attacked and WP had a lot of vulnerabilities, mostly SQL injection.

We have had few WP blogs get hit - one sign is weird search terms turning up in your logs and the snippet changing to feature text from the tons of dodgy links dumped in the footer.

One WP site of ours that got hacked doesn’t seem to have had a drop in traffic so it looks like the links are just devalued.
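
Added example (not part of the thread or of any commenter's post): a self-check a site owner can run against their own rendered pages to catch the injected footer links described above, using the same terms as the alert queries suggested earlier in the thread. The sample page, the `example.invalid` hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SPAM_TERMS = ("viagra", "cialis")  # the terms used in the alert queries in the thread

# Constructed sample page: two normal links plus a footer block of injected links.
SAMPLE_PAGE = """
<p>Read <a href="/about">about us</a> or visit
<a href="http://wordpress.org/">WordPress</a>.</p>
<div id="footer">
  <a href="http://pills.example.invalid/cheap-viagra">best prices</a>
  <a href="http://rx.example.invalid/order">Buy Cialis online</a>
</div>
"""

class LinkCollector(HTMLParser):
    """Collects (href, anchor text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None  # [href, text] of the <a> currently being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def suspicious_links(html, own_host, terms=SPAM_TERMS):
    """Return off-site links whose URL or anchor text contains a spam term."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    hits = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        haystack = (href + " " + text).lower()
        matched = [t for t in terms if t in haystack]
        if host and host != own_host.lower() and matched:
            hits.append((href, text.strip(), matched))
    return hits

if __name__ == "__main__":
    for hit in suspicious_links(SAMPLE_PAGE, "www.mysite.com"):
        print(hit)
```

Run against the saved HTML of your own pages, any non-empty result is a prompt to inspect the theme footer and recently changed files.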

from JeffMHoward 2227 Days ago #
Votes: 0

props to SEOWorkers for the link to a helpful plugin.

Moderator
from Jill 2224 Days ago #
Votes: 0

Harith, once again, it’s best to link to the comments on someone else’s blog rather than reprint them here, imo.
