Hello friends, I've been web developer and master since 5+ years, but in last 2-3 weeks, my 4 website got haccked by some stupid hacker from the china.. Actually, the observing strange thing is my all website are with WP. So, i would like to ask a question that whatever the WP is 100% secure or not? I would also like to highlight that only index.php script has been changed on all page. So, as per my knowledge it must be something shell injection or shell script on mmy server. So, do you exper can think for me, how i can avoid it? Also, i have checked all my setting and permission of all my files and folders and i can not find and folder with and fault from where hacker can enter and uplod shell script.. Thanks for your advance expert suggestion.. More question/query for solving my doubts are welcome! As per my personal point of view and expirience about WP, its most secure application web industry ever have! - Daksh
I am not a Wordpress pro but more and more I have heard that it can be an easier target. Upgrade your plugins as often as possible and try to find out where your vulnerability is. I hope some more detailed and useful information is posted for you here soon.
I've helped a few people with hacked sites, and from what I observed, the attacks appeared to be through hosting/server or ftp vulnerabilities.
Improper permissions, especially on shared hosting, can make Wordpress seem more "insecure" than others. If you use a theme that had old PHP scripts in it, for instance TimThumb, will make you vulnerable Using insecure plugins from inexperienced authors and the plugins are not updated very quickly, will make you vulnerable. Keeping checksums of your themes may not be a bad idea because you can detect modification very quickly
hackers piss me off, I had a great article directory with over 50,000 articles, 10,000 plus authors and growing traffic and page rank when some hacker scumbag hacked the site for the few dollars of Adsense revenue. The problem was they also destroyed my page rank and I lost my traffic killing a couple of years of work- argh! I started a new article directory at article revival but I have to start building the site all over again. I would be interested in hearing what I need to do to make the site more secure. It seems crazy a hacker would waste an hour to steal a few dollars in revenue - if they are that good online, you would think they would build their own stuff instead of being destroyers.
Follow the instructions I have provided. I have been using Wordpress for over 5 years and never have been hacked or had a problem with it. Need any help? Send me a PM.