Is your Wordpress blog hacked? Why not upgrade to the latest version?

lucky red casino tournaments

millionaire casino poker Diceland Casino Slots For Fun Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Silver Oak Casino Payments Rome casino video slots rome casino baccarat 721. vip lounge casino registration Bodog Casino Download Problem "berry cherry slot machine" times pay slots machine online Cherry Red Casino Free Poker "prism casino bonus codes" 7 spins casino craps Villento Casino Slots Online lucky red casino tournaments millionaire casino free slots Crazy Vegas Casino Payments Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Aladdins Gold Casino Flash Slots Rome casino video slots rome casino baccarat 721. vip lounge casino registration Go Casino Fun Slots "berry cherry slot machine" times pay slots machine online Go Casino Phone Number "prism casino bonus codes" 7 spins casino craps Super Slots Casino Slot Machine Free lucky red casino tournaments millionaire casino free slots Crazy Slots Casino Free Cash Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Roxy Palace Casino Free Slots Games Rome casino video slots rome casino baccarat 721. vip lounge casino registration All Star Slots Casino Free No Download "berry cherry slot machine" play free times pay slot casino English Harbour Casino Free Slots Games "prism casino bonus codes" 7 spins casino craps Slots Galore Casino Free Slot Play lucky red casino tournaments millionaire casino free slots Mansion Casino Phone Number Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Diceland Casino Free Slots Games Rome casino video slots rome casino baccarat 721. vip lounge casino registration English Harbour Casino Phone Number "berry cherry slot machine" times pay slots machine online

7 Spins Casino Free Cash

"prism casino bonus codes" 7 spins casino free slots, Aladdins Gold Casino.com lucky red casino tournaments millionaire casino free slots Rome Casino Flash Slots Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Rushmore Casino Free Slots Games Rome casino video slots rome casino baccarat 721. vip lounge casino registration Mansion Casino News "berry cherry slot machine" times pay slots machine online Crazy Slots Casino Coupons "prism casino bonus codes" 7 spins casino craps Silver Oak Casino Download Problem lucky red casino tournaments millionaire casino free slots Aladdins Gold Casino Video Slots Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Zodiac Casino Video Slots Rome casino video slots rome casino baccarat 721. vip lounge casino free slots; Vegas Villa Casino Slot Machine Free "berry cherry slot machine" times pay slots machine online Rushmore Casino Download Games "prism casino bonus codes" 7 spins casino craps Slots Galore Casino Account lucky red casino tournaments millionaire casino free slots Rushmore Casino Checks Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Desert Dollar Casino Forum Rome casino video slots rome casino baccarat 721. vip lounge casino registration English Harbour Casino Table Games "berry cherry slot machine" times pay slots machine online Villento Casino Free Craps "prism casino bonus codes" 7 spins casino craps All Star Slots Casino Free Poker lucky red casino tournaments millionaire casino free slots Villento Casino Coupons Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Mansion Casino Coupons Rome casino video slots rome casino baccarat 721. vip lounge casino registration Super Slots Casino No Deposit Bonus Codes "berry cherry slot machine" times pay slots machine online All Star Slots Casino Slot Machine Free "prism casino bonus codes" 7 spins casino craps Lucky Red Casino Account lucky red casino tournaments millionaire casino free slots Millionaire Casino Coupons Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Rushmore Casino Slot Machine Free Rome casino video slots rome casino baccarat 721. vip lounge casino registration Rushmore Casino Video Slots "berry cherry slot machine" times pay slots machine online Rushmore Casino Sign Up Bonus "prism casino bonus codes" 7 spins casino craps All Star Slots Casino Video Slots lucky red casino tournaments millionaire casino free slots Rome Casino Video Slots Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Diceland Casino Free Slot Play Rome casino video slots rome casino baccarat 721. vip lounge casino registration Bodog Casino.com "berry cherry slot machine" times pay slots machine online Rushmore Casino Ranking "prism casino bonus codes" 7 spins casino craps Rome Casino Slots For Fun lucky red casino tournaments millionaire casino free slots Super Slots Casino Slots Online Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Vegas Villa Casino Slots For Fun Rome casino video slots rome casino baccarat 721. vip lounge casino registration Roxy Palace Casino Checks "berry cherry slot machine" play free times pay slot casino Silver Oak Casino Ranking "prism casino bonus codes" 7 spins casino craps Golden Casino Download Problem lucky red casino tournaments millionaire casino free slots Slots Oasis Casino Slots For Fun Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Go Casino Free Craps Rome casino video slots rome casino baccarat 721. vip lounge casino free slots; 7 Spins Casino Free Slot Play "berry cherry slot machine" times pay slots machine online All Star Slots Casino Download Games "prism casino bonus codes" 7 spins casino craps Slots Oasis Casino Fun Slots lucky red casino tournaments millionaire casino free slots Cherry Red Casino Table Games Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Aladdins Gold Casino Checks Rome casino video slots rome casino baccarat 721. vip lounge casino registration Online Vegas Casino Fun Slots "berry cherry slot machine" play free times pay slot casino Super Slots Casino Checks "prism casino bonus codes"

7 spins casino craps

Casino Tropez News lucky red casino tournaments millionaire casino poker English Harbour Casino Account Munsters slot download free munsters slot downloads 251. caribbean gold casino roulette Vip Slots Casino Free No Download Rome casino video slots rome casino baccarat 721. vip lounge casino registration Slots Galore Casino Payments "berry cherry slot machine" times pay slots machine online Millionaire Casino Download Games "prism casino bonus codes" 7 spins casino craps Diceland Casino Free Craps lucky red casino tournaments millionaire casino free slots Silver Oak Casino Registration Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Superior Casino Phone Number Rome casino video slots rome casino baccarat 721. vip lounge casino registration Desert Dollar Casino No Deposit Bonus Codes "berry cherry slot machine" times pay slots machine online Lucky Red Casino News "prism casino bonus codes" 7 spins casino craps Aladdins Gold Casino Free Craps lucky red casino tournaments millionaire casino free slots Villento Casino Video Slots Munsters slot download free munsters slot downloads 251. caribbean gold casino roulette 7 Spins Casino Table Games Rome casino video slots rome casino baccarat 721. vip lounge casino registration Rushmore Casino Registration "berry cherry slot machine" times pay slots machine online 7 Spins Casino Video Slots "prism casino bonus codes" 7 spins casino craps Millionaire Casino Slots For Fun lucky red casino tournaments millionaire casino free slots Online Vegas Casino News Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Mansion Casino Ranking Rome casino video slots rome casino baccarat 721. vip lounge casino registration Desert Dollar Casino Download Problem "berry cherry slot machine" times pay slots machine online

Online Vegas Casino Promotion Code

"prism casino bonus codes" 7 spins casino free slots, Diceland Casino Slots Online lucky red casino tournaments millionaire casino free slots Lucky Red Casino Ranking Munsters slot download free munsters slot downloads 251. Caribbean gold casino news caribbean gold casino home page 895. Zodiac Casino No Deposit Bonus Codes Rome casino video slots rome casino baccarat 721. vip lounge casino registration Mansion Casino Free Cash "berry cherry slot machine" times pay slots machine online All Slots Casino Slot Machine Free "prism casino bonus codes"

7 spins casino craps

Golden Casino Free Craps lucky red casino tournaments millionaire casino poker 7 Spins Casino.com Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Crazy Vegas Casino Video Slots Rome casino video slots rome casino baccarat 721. vip lounge casino registration All Star Slots Casino Download Problem "berry cherry slot machine" times pay slots machine online All Star Slots Casino Registration "prism casino bonus codes" 7 spins casino craps Villento Casino Free Slots Games lucky red casino tournaments millionaire casino free slots Royal Vegas Casino Free Poker Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Millionaire Casino Forum Rome casino video slots rome casino baccarat 721. vip lounge casino registration Cherry Red Casino Account "berry cherry slot machine" times pay slots machine online Online Vegas Casino Download Games "prism casino bonus codes" 7 spins casino craps Aladdins Gold Casino No Deposit Bonus Codes lucky red casino tournaments millionaire casino free slots Vip Slots Casino Registration Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Desert Dollar Casino Registration Rome casino video slots rome casino baccarat 721. vip lounge casino free slots; Millionaire Casino No Deposit Bonus Codes "berry cherry slot machine" times pay slots machine online Rushmore Casino Slots Online "prism casino bonus codes" 7 spins casino craps Golden Casino Fun Slots lucky red casino tournaments millionaire casino free slots All Star Slots Casino Slots Online Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Bodog Casino Phone Number Rome casino video slots rome casino baccarat 721. vip lounge casino registration Cherry Red Casino Free Slots Games "berry cherry slot machine" play free times pay slot casino Roxy Palace Casino Download Games "prism casino bonus codes" 7 spins casino craps Vegas Villa Casino Forum lucky red casino tournaments millionaire casino free slots Mansion Casino Checks Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Royal Vegas Casino Phone Number Rome casino video slots rome casino baccarat 721. vip lounge casino free slots; Virtual City Casino Free Craps "berry cherry slot machine" times pay slots machine online Golden Casino Payments "prism casino bonus codes" 7 spins casino craps Villento Casino Forum lucky red casino tournaments millionaire casino free slots Bodog Casino Slot Machine Free Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Jackpot City Casino Account Rome casino video slots rome casino baccarat 721. vip lounge casino registration Zodiac Casino Slot Machine Free "berry cherry slot machine" times pay slots machine online Lucky Red Casino No Deposit Bonus Codes

"prism casino bonus codes" 7 spins casino free slots, Royal Vegas Casino Payments lucky red casino tournaments millionaire casino free slots Millionaire Casino Phone Number Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps 7 Spins Casino Phone Number Rome casino video slots rome casino baccarat 721. vip lounge casino registration Mansion Casino Slots For Fun "berry cherry slot machine" times pay slots machine online English Harbour Casino Download Problem "prism casino bonus codes" 7 spins casino craps Crazy Slots Casino Free No Download lucky red casino tournaments millionaire casino free slots All Star Slots Casino Ranking Munsters slot download free munsters slot downloads 251. caribbean gold casino free craps Vip Slots Casino Forum Rome casino video slots rome casino baccarat 721. vip lounge casino registration Jackpot City Casino Payments "berry cherry slot machine"

Jun 12, 2008 by Mircea Goia MyTestBox News

Wordpress logo

If you are running Wordpress blog software (and it’s not upgraded to the latest version) you might have been a target for hackers who are looking to take over blogs for search-engine optimization (SEO) of other sites they control, traffic-redirection and other bad purposes.

Most of the attacks consist in using SQL injection and XSS cross-site scripting and that is because the user input isn’t filtered properly by the software. Some of the attacks use bots which can create hundreds of spam pages on your blog automatically, place a backdoor (so the hacker can come back at later time) or steal users passwords.

Hackers are taking advantage of the open-source nature of the software to look and analyze the source code of a specific software they want to attack and test it for potential vulnerabilities. Then the developers and users have to detect, track down, and shut down the vulnerabilities in the code that those attackers are using.
The pattern seems to be the same: when a new hole is found, it’s broadly exploited, then developers rush out a patch and/or a new release. Most of the damage inflicted by the automated exploits can be reversed with an upgrade but in some cases you can be left with thousands of spam pages and images to clean up (and they are usually well hidden). If the attacked software is very popular (and that attracts hackers too) – like Wordpress – then thousands of installs can be compromised.

Chances are that a blog owner realizes late that his blog was hacked that why it is important to keep up with the latest upgrades and security patches from Wordpress.com and keep an eye on your blog: monitor the statistics, the blog usage, have frequent backups and track other security blogs for news about any security holes one of them is BlogSecurity.net.

Always upgrade your Wordpress installation to the latest version (also any latest security patches released should be installed). Be aware that if you installed Wordpress from within Fantastico package then most probably you won’t have the latest version in the package (it seem Fantastico guys takes their time in updating their package with the latest versions of the software they put in that package – Wordpress included). Faster than them in updating their software the guys from SimpleScripts (Fantastico and SimpleScripts are usually offerend by many hosting companies to their subscribers).

How you secure your Wordpress installation?

Your “plugins” directory is NOT secured by default!

And that means there’s no “index.html” or “index.php” file in that directory so anyone can SEE what plugins are you using by just going to “www.yoursite.com/wp-content/plugins”. It is easy to stop this by creating a blank HTML file named “index.html” and put it in that directory. Job done!

Choose a strong password!

Don’t use an easy to be guessed admin password (your several characters small name, your wife’s name, pet names, etc)…choose a longer password and try to combine it with numbers and upper/lower case letters (even other characters like #,$,%,^…). And change your admin password regurarly!

Use security-related plugins!

Some of these security related plugins may help you:

- BS-WP-NoVersion
A lot of attackers and automated tools will try and determine software versions before launching exploit code. Removing your WordPress blog version may discourage some attackers and certainly will mitigate virus and worm programs that rely on software versions.
You can get this plugin from here (download it as PHP file – not TXT – and put it in your “plugins” directory, then activate it)
Or you can use Replace WP version plugin.

- Login LockDown
Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Admisitrators can release locked out IP ranges manually from the panel.
Download it from here.

- AskApache
AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving virii. Forget spam, these millions of zombie bots are too outrageous to ignore, they are attempting known (but strangely outdated) exploits looking for known vulnerabilities against blogs and other Internet software. Sooner or later some poor blogger is going to miss an upgrade and become a victim to this type of video-game-like-attack.
Get it from here.

- WP Security Scan
Scans your WordPress installation for security vulnerabilities and suggests corrective actions: passwords, file permissions, database security, version hiding, WordPress admin protection/security, removes WP Generator META tag from core code
Download it from here.

- Use Wordpress firewall!
A weblog platform is vulnerable to hacking attempts which is where their unique firewall protection for Wordpress will give you peace of mind (so they say).
The firewall script supports PHP and MYSQL making it an ideal partner for Wordpress. No matter what version of Wordpress you are using the Firewall Script will make your blog secure (protecting your blog from SQL Injections, Coding Errors, Cross Site Scripting (XSS), Cross-site request Forgery (CSRF), Password theft (IP Lock), Comment Spam, DDoS Attacks, Customized wordpress ruleset (blocks all exploits)).
Download Firewall software now to make your Wordpress installation secure against web based attacks (this software is not free!).

Rename the administrative account!

You can do this in the MySQL command-line client with a command like “update tableprefix_users set user_login=’newuser’ where user_login=’admin’;”, or by using a MySQL frontend like phpMyAdmin.

Backup your database!

You should backup your data regurarly (that includes the database). Encrypting the backup, keeping an independent record of MD5 hashes for each backup file, and/or placing backups on read-only media (such as CD-R) increases your confidence that your data has not been tampered with.
One good utility is WP-DBManager and can be downloaded from here or WP-DB-Backup which can be downloaded from here.
Or you can use the MySQL database manager of choice: phpMyAdmin (how to use this as a backup tool read here)

Log all your $POST variables!

Standard Apache logs do not offer much help with dealing with security forensics.
So, to log all $POST variables sent to WordPress you can use this plugin called Postlogger (download it from here).
If you happen to be using this plugin, and actively logging all $POST variables, and your WordPress install is exploited, you will be able to go back and actually see where and how the exploit occurred. Armed with that information, you can take the data to the WordPress developers.

Plugins that need write access!

If a plugin wants write access to your WordPress files and directories, then first read the code to make sure it is legit or check with someone you trust and is more savvy than you. Other possible places to check are the Wordpress Support Forums and IRC Channel.

Encrypt all communication within “wp-admin” directory! (if possible)

You can secure and encrypt all of your communication and important WordPress cookies using the Admin-SSL plugin. Works with Private and Shared SSL. This plugin can be downloaded from here.

Tighten up the file permissions!

Some of WordPress’ cool features come from allowing some files to be writable by web server. However, letting an application have write access to your files is a dangerous thing, particularly in a public environment.
From a security perspective, it is best to lock down your file permissions as much as possible and to loosen those restrictions on the occasions that you need to allow write access, or to create special folders with more lax restrictions for the purpose of doing things like uploading images.

Of course, update your Wordpress!

Like I said above, keeping your Wordpress installation up to date is one of the most important measure against hackers. And it’s not complicated to be done either (backup everything before upgrade!).

Learn more about Hardening a Wordpress installation here, on Wordpress website.

To test your Wordpress blog for weaknesses Blogsecurity website developed an online Wordpress scanner.
You can try it out here.
*NOTE: Before using this scanner you need to install a plugin (named “wp-scanner”) they offer and can be downloaded from here! Activate the plugin, scan your blog, then deactivate the plugin to prevent others scanning your blog again.

BlogSecurity also offers a WordPress Security Whitepaper which has detailed informations about securing your Wordpress installation. Read more here.

Now that you have SECURED your blog (hopefully you did implement those above measures, did you? at least most of them…) please read more how others were attacked and what did they do to fix this. Or just read how can YOU be attacked by different means.

————————————
Mircea Goia was born in Romania and immigrated to US in 2005.
He lives in Phoenix, AZ and works as web developer. Aside, he works also on several entrepreneurial Web projects.
He shows a keen interest in commercial Web development such as social networks, viral marketing and online video.
His artistic hobby is filmmaking with special interest in directing.
————————————

Sphere: Related Content

Want more web software reviews, news and tips/tricks?
Then make sure you subscribe to our RSS feed!

Tags: blog, hacking, secure installation, Tips and Tricks, wordpress, Wordpress security plugins

(6 votes, average: 5.00 out of 5)

Loading ...

This entry was posted on Thursday, June 12th, 2008 at 12:40 am and is filed under MyTestBox News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

10 Responses to “Is your Wordpress blog hacked? Why not upgrade to the latest version?”

Your Blog Got Cracked! 8 Steps To Show You Concern | Make Money Online Blog Says:

July 1st, 2008 at 7:58 am
[...] Is your Wordpress blog hacked? Why not upgrade to the latest version? [...]
dian Says:

November 12th, 2008 at 12:10 am
Thx for the info, u really help me with the issue of securing my wp site.
btw i knew that GNUCitizen.org has released plugin for wordpress last october, WP Blogsecurify 1.0 . have u review the plugin? u can see it in http://www.gnucitizen.org/blog/wp-blogsecurify-10/

[Reply]
Mircea Goia Says:

November 12th, 2008 at 12:26 am
No, I haven’t seen that plugin but I’ll take a look. Thank you for the info.

[Reply]
Sameer Dhoot Says:

November 17th, 2008 at 9:12 am
This is a good article.. good work..keep em coming…

[Reply]
Wordpress Secure Login Says:

January 3rd, 2009 at 10:59 am
You can use wordpress stealth login like this tutorial http://xtremenitro.org/2008/12/29/stealth-login-secure-your-wordpress-login.html

[Reply]
Mircea Goia Says:

January 3rd, 2009 at 3:54 pm
If that page would be in English it would be better.
The link to the stealth plugin is here: http://wordpress.org/extend/plugins/stealth-login/

[Reply]
Titus Barik Says:

January 4th, 2009 at 8:35 pm
Great tips! It’s surprising that the plugins directory doesn’t have an index.php or index.html file included by default.

[Reply]
emin Says:

January 25th, 2009 at 11:01 am
hello ?m speak turk?sh. not speak english:-(

[Reply]
Fotos de cali Says:

February 9th, 2009 at 8:14 pm
esta muy bueno el post, sobretodo los plugins para hacer backup de al base de datos

[Reply]
Freshly Pressed » Blog Archive » WordPress security Says:

August 30th, 2009 at 10:18 am
[...] Is your WordPress blog hacked? [...]

Additional comments powered by BackType

Get News by RSS feed | Get News by email | Twitter

"prism casino bonus codes"

7 spins casino craps

times pay slots machine online

times pay slots machine online

times pay slots machine online

"berry cherry slot machine"

7 spins casino craps

"prism casino bonus codes"

lucky red casino tournaments

7 spins casino craps

7 spins casino craps

"prism casino bonus codes"

7 spins casino free slots,

play free times pay slot casino

play free times pay slot casino

"berry cherry slot machine"

times pay slots machine online

7 spins casino craps

7 spins casino craps

"prism casino bonus codes"

"prism casino bonus codes"

"prism casino bonus codes"

"prism casino bonus codes"

7 spins casino craps

"prism casino bonus codes"

7 spins casino craps

"prism casino bonus codes"

7 spins casino craps

7 spins casino craps

times pay slots machine online

lucky red casino tournaments

lucky red casino tournaments

7 spins casino free slots,

"prism casino bonus codes"

lucky red casino tournaments

"berry cherry slot machine"

7 spins casino craps

times pay slots machine online

lucky red casino tournaments

10 Responses to “Is your Wordpress blog hacked? Why not upgrade to the latest version?”

Leave a Reply

Recent Post

Recent Comments

Archives

Categories

Popular posts