Sage Blogger: One Of My WordPress Sites Was Hacked- And I Thought It Would Never Happen To Me
45n5
· 2 years ago
Sorry to hear about getting hacked.
There is no paranoia, stories of wordpress installs getting hacked are a dime a dozen.
On the other hand, there are very few stories of something like typepad being hacked.
Vlad
· 2 years ago
Mark,
Believe it or not it happen the same day I asked you about Group Platform. How ironic!
It really sucks though. I understand why you are programing your own blogs.
Dane Morgan
· 2 years ago
I feel you pain. I was hacked earlier this year, and actually they got into several of my niche blogs and converted them into phishing sites. I lost a LOT of hard work and some significant income.
WordPress suffers from the same main security flaw as Internet Explorer. The flaw is market share dominance. Sure you could spend time writing code to compromise Safari or Opera, or TypePad or dBlogger, but there aren't that many people using them in comparison. The best bang for the buck, and them most likely you are to get a lot of blogs (or browsers) and to have a lot of them still using the insecure older versions after updates are left is to target the ones with the most market share.
That is why it's so important that you stay on top of upgrades. And not just to WP itself, but to plugins you are using. plugins can be compromised and if not updated, they leave security holes into your blog.
Vlad
· 2 years ago
Dane,
To be honest I just way too lazy, I generally wait until the upgrade is available via Fantastico- yeah I know.
The other part is that I ran into problems a few times that themes were not compatible with the latest updates, and the theme authors did not care either. Are you releasing any of your themes soon?
Deaf Musician
· 2 years ago
That doesn't mean typepad is safe. Let me give you an example...
If you choked eating a pretzel, would anyone know / care? But... if President Bush choked eating a pretzel, the whole world would hear about it.
So the point is, the more popular you are, the more coverage you will get.
45n5
· 2 years ago
you also might not be hearing about typepad folks getting hacked because people on typepad aren't getting hacked!
Vlad
· 2 years ago
Mark,
That may be true, however I think WordPress outperforms most of the other platforms, yes you need an arsenal of plugins to get things the way you want them to be but at the end of the day there is a reason why WordPress is so popular.
I don't know I am not convinced either way. At least I know WordPress better by now, I hate to spend any more time on all sorts of learning curves, especially one's that can be avoided. I am getting old. lol
45n5
· 2 years ago
I agree wordpress has many advantages.
This post was about security that's why i was mentioning the typepad alternative.
If you are suggesting a "secure" solution for somebody I don't think wordpress should be the first thing you mention.
If I were a hacker I would probably be more tempted by "bigger fish"- which doe not explain why my site was hacked.
Oh well I am going to sleep on it.
Dane Morgan
· 2 years ago
Well, I've kind of put theme development on a back burner. I've got five or so nearly completed themes but haven't made the time to polish them. I've been working on my niche marketing membership blog mostly of late, trying to get the value I want into it without the workload it's turning into on me.
But I could probably whip something up for you if you gave me an idea what you were looking for.
It's really a shame that a theme ever "breaks". Template tags are deprecated for several versions before they are removed, so it isn't like it was a surprise to anyone that tags they were using were going away.
"yes you need an arsenal of plugins to get things the way you want them'
You know, I used to have loads and loads of plugins, but as time goes by, I'm selecting them with more critical thought. I'm using fewer and fewer of them. I've probably eliminated over 75% of the number of plugins I was using a year ago. When you consider how many more there are now, that's something. I really ask myself if a plugin will actually add traffic, conversion or user value to my blog before I even consider trying it these days. i'm getting really minimalist about it, and honestly, it's early days for some of the changes I'm making, but it seems to be making things better at the start.
Ray Dotson
· 2 years ago
Hey Vlad, thanks for linking and helping to call more attention to this whole issue. Mark and Dane make great points about the vulnerabilities of wordpress. I've been thinking about this for a while and I've decided to not use wordpress for any of my other sites. It's just too much work to keep up with updates, security, comment spam, etc. It's much easier to put together websites with a little bit of html or php, etc. Wordpress is a great piece of software, but it's often way too much for simple sites.
Also, there's no question that being a big player does draw more attention from bad guys. Who has time to keep up with being constantly attacked? That's why I prefer to use macs and linux for real security.
Vlad
· 2 years ago
Ryan,
Thanks for stopping by. I envy you guys, or anyone who can write a piece of software. Fro rest of us we have to use what is available for free. But I agree with Dane that WordPress is the best you bang for the buck.
I think my problem for not updating regularly is due to the fact that I have modified this theme quiet a bit and am using number of plugins. So every time there is an update I wonder if things will be compatible. So I taking Dane route- and will try to become minimalist- less plugins.
All Comments
There is no paranoia, stories of wordpress installs getting hacked are a dime a dozen.
On the other hand, there are very few stories of something like typepad being hacked.
Believe it or not it happen the same day I asked you about Group Platform. How ironic!
It really sucks though. I understand why you are programing your own blogs.
WordPress suffers from the same main security flaw as Internet Explorer. The flaw is market share dominance. Sure you could spend time writing code to compromise Safari or Opera, or TypePad or dBlogger, but there aren't that many people using them in comparison. The best bang for the buck, and them most likely you are to get a lot of blogs (or browsers) and to have a lot of them still using the insecure older versions after updates are left is to target the ones with the most market share.
That is why it's so important that you stay on top of upgrades. And not just to WP itself, but to plugins you are using. plugins can be compromised and if not updated, they leave security holes into your blog.
To be honest I just way too lazy, I generally wait until the upgrade is available via Fantastico- yeah I know.
The other part is that I ran into problems a few times that themes were not compatible with the latest updates, and the theme authors did not care either. Are you releasing any of your themes soon?
If you choked eating a pretzel, would anyone know / care? But... if President Bush choked eating a pretzel, the whole world would hear about it.
So the point is, the more popular you are, the more coverage you will get.
That may be true, however I think WordPress outperforms most of the other platforms, yes you need an arsenal of plugins to get things the way you want them to be but at the end of the day there is a reason why WordPress is so popular.
I don't know I am not convinced either way. At least I know WordPress better by now, I hate to spend any more time on all sorts of learning curves, especially one's that can be avoided. I am getting old. lol
This post was about security that's why i was mentioning the typepad alternative.
If you are suggesting a "secure" solution for somebody I don't think wordpress should be the first thing you mention.
But I also have to agree with "Maestro" on WordPress being the most popular one:
http://www.problogger.net/archives/2006/01/18/b...
If I were a hacker I would probably be more tempted by "bigger fish"- which doe not explain why my site was hacked.
Oh well I am going to sleep on it.
But I could probably whip something up for you if you gave me an idea what you were looking for.
It's really a shame that a theme ever "breaks". Template tags are deprecated for several versions before they are removed, so it isn't like it was a surprise to anyone that tags they were using were going away.
"yes you need an arsenal of plugins to get things the way you want them'
You know, I used to have loads and loads of plugins, but as time goes by, I'm selecting them with more critical thought. I'm using fewer and fewer of them. I've probably eliminated over 75% of the number of plugins I was using a year ago. When you consider how many more there are now, that's something. I really ask myself if a plugin will actually add traffic, conversion or user value to my blog before I even consider trying it these days. i'm getting really minimalist about it, and honestly, it's early days for some of the changes I'm making, but it seems to be making things better at the start.
Also, there's no question that being a big player does draw more attention from bad guys. Who has time to keep up with being constantly attacked? That's why I prefer to use macs and linux for real security.
Thanks for stopping by. I envy you guys, or anyone who can write a piece of software. Fro rest of us we have to use what is available for free. But I agree with Dane that WordPress is the best you bang for the buck.
I think my problem for not updating regularly is due to the fact that I have modified this theme quiet a bit and am using number of plugins. So every time there is an update I wonder if things will be compatible. So I taking Dane route- and will try to become minimalist- less plugins.