Has your wordpress website been hacked this week?

I've just come across this interesting aticle on the BBC news website.

"Wordpress has been attacked by a botnet of "tens of thousands" of individual computers since last week, according to server hosters Cloudflare and Hostgator."

Take a look here and start working on your site's security if you haven't already done so... www.bbc.co.uk/news/technology-22152296

 

If you own a wordpress website make sure to secure the /wp-admin/ path. Either restrict it to your own IP address or install the fail login attempts addon.

 

I didn't do anything and my websites are okay.

 

I'm SO shocked... oh wait, not shocked... Is there even a word for the opposite of shocked?

Mutliple entry points, no attempt to prevent direct calls to library files, storing the SQL UN/PW/Host info in DEFINE... I'm shocked 3.x hasn't been as big a train wreck as 2.x all things considered... after all it won the Mass 0wnage Pwnie back in '08 for a reason.

Every time I look at ANY of it's code, it just sets me to full froth; never have I seen ineptitude on such a scale -- they are quite fortunate most people are too stupid to know any better, or nobody in their right mind would be using it.

NOT that the competition is much better, but there's a reason I suggest custom solutions instead of off the shelf crap.

 

Why don't you help them then? I am sure that they would appreciate your advices.

 

Because there isn't a damned thing I'd even TRY to preserve from it, most of my changes would break every single skin out there... basically if I'm going to rewrite from scratch I'd rather write my own... Which is slow going on my own but I've had too damned many disagreements in trying to work with other developers on what should even go into a blog/cms/forum software. After several attempts about seven or eight years ago to at LEAST get them to neuter the blasted markup they shove down your throat that you have NO control over from the skinning system, I basically gave the entire damned thing the finger and walked away.

The folks behind it and most people working on it are under this bizarre delusion that more code makes things simpler; the ENTIRE system that makes mods possible is IMHO the biggest security hole in it - disallowing mods/plugins altogether would be one of my first changes since it's where historically 90%+ of it's security holes originate! Again nobody learned the lesson of phpBB 2.x and NeverNoSanity/Santy.

Much like Dreamweaver, HTML 5, OOCSS, HTML/CSS frameworks, jQuery, and a whole host of other web technologies that have become accepted practice, I cannot fathom how ANYONE is DUMB ENOUGH to use Turdpress on anything important! It is insecure by design, and 'fixing' it involves throwing the entire mess of half-assed idiotic BS in the trash and starting over clean.

 

Just checked a few of my wp sites on hostgator. They look fine.

Several years 3 of my hostgator wp sites were hacked and hostgator fixed things and just sent me an email. So it is important to have a good host looking out for you.

There is also a plug in that I use to totally back up my wp sites. It produces a zip file that I download and save. Of course, I lose any posts beyond that point, but my site can be totally restored within minutes.

Also, most hosting companies do backups. In some cases I have had the host company restore my site to an earlier state before it was hacked.

 

Just checked my sites on HostGator too, they all seem fine to me :/

Off Topic: deathshadow, you seem like a very angry person