WordPress Blog Hacking Prevention

Are you running a WordPress blog on your website space? If yes, be careful: it may be open to attackers. However, there are some prevention methods shared by fellow blogger AshChuan. Her blog was hacked into on January 24 and, luckily, no data was lost.

She later wrote another post with tips she found from Matt Cutts (a Google employee) on protecting your WordPress blog. And I seriously never noticed how much WordPress may be lacking in security.

Try entering this into your browser's address bar (or a new tab), replacing the domain with your own:

http://www.your-domain.com/wp-content/plugins/

You'll find that your WordPress plugin list is open for the whole Internet to see: with directory listing enabled, the web server returns an index of every folder under wp-content/plugins/, and the folder names alone tell an attacker exactly which plugins you are running. This seriously was a shocker for me. And it was one of the steps the hacker used to hack Ashley's blog. From the plugin list, the hacker picked out a buggy plugin and exploited it: the WordPress Forum plugin v1.7.4 by Fredrik Fahlstad.

According to Ash, the plugin allowed the hacker to perform a remote SQL injection exploit. She reported that the hacker gained access to her WordPress blog admin and changed her password. Luckily, the database wasn't damaged in the incident.

Matt Cutts said that uploading an ordinary (even empty) index.html into the folder stops anyone from loading your plugin list, because the web server serves that file instead of generating a directory index. Note that this only hides the list: the plugin files are still at the same URLs, so anyone who guesses a plugin's folder name can still reach it, and a vulnerable plugin stays vulnerable until it is updated or removed. I've done it and it works like a charm. However, I'm now worried about other folders that may be accessible, from what I've tested.
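A quick way to find out which of the usual WordPress folders are being listed, as an added example (this is not code from the original post, from AshChuan or from Matt Cutts): the script below fetches each folder, recognises the markup Apache's mod_autoindex produces for a directory index, and prints the sub-folder names it reveals. The list of folders to probe and the sample listing page are my own assumptions; the sample is constructed, not captured from any real site.

```python
"""Probe a WordPress install for exposed directory listings.

Added example, not from the original post. Assumes the server generates
listings with Apache's mod_autoindex markup; the folders probed below are
my own choice of common WordPress paths.
"""
from __future__ import annotations

import re
import sys
import urllib.error
import urllib.request

# Folders worth probing besides wp-content/plugins/ (assumed list).
WP_DIRS = (
    "wp-content/plugins/",
    "wp-content/themes/",
    "wp-content/uploads/",
    "wp-includes/",
)

# Markers mod_autoindex puts in a generated listing: the "Index of /..."
# title and the column-sort links (?C=N;O=D etc.).
_TITLE_RE = re.compile(r"<title>\s*Index of\s*/", re.IGNORECASE)
_SORT_LINK_RE = re.compile(r'href="\?C=[NMSD];O=[AD]"', re.IGNORECASE)
# Entries are relative links ending in "/"; this skips the sort links
# (start with "?") and the absolute "Parent Directory" link (starts with "/").
_ENTRY_RE = re.compile(r'<a href="([^"?/][^"]*/)">', re.IGNORECASE)

# Constructed sample of what Apache returns for a listed plugins folder.
SAMPLE_LISTING = """<html><head><title>Index of /wp-content/plugins</title></head>
<body><h1>Index of /wp-content/plugins</h1>
<a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<a href="/wp-content/">Parent Directory</a>
<a href="akismet/">akismet/</a>
<a href="hello.php">hello.php</a>
<a href="wp-forum/">wp-forum/</a>
</body></html>"""


def looks_like_listing(body: str) -> bool:
    """True if body is an auto-generated directory index, not a real page."""
    return bool(_TITLE_RE.search(body)) or bool(_SORT_LINK_RE.search(body))


def entries_from_listing(body: str) -> list[str]:
    """Return the sub-directory names a listing exposes (e.g. plugin slugs)."""
    return [m.group(1).rstrip("/") for m in _ENTRY_RE.finditer(body)]


def fetch(url: str, timeout: float = 10.0) -> tuple[int, str]:
    """Fetch url and return (status, body); network errors map to status 0."""
    req = urllib.request.Request(url, headers={"User-Agent": "dirlisting-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except (urllib.error.URLError, OSError):
        return 0, ""


def check_site(base_url: str, fetcher=fetch) -> dict[str, list[str]]:
    """Map each listed folder to the entries it reveals.

    Folders that are not listed (an index.html is served, or Options -Indexes
    makes the server answer 403) are left out of the result. `fetcher` is
    injectable so the logic can be exercised without a network.
    """
    base = base_url.rstrip("/") + "/"
    exposed: dict[str, list[str]] = {}
    for folder in WP_DIRS:
        status, body = fetcher(base + folder)
        if status == 200 and looks_like_listing(body):
            exposed[folder] = entries_from_listing(body)
    return exposed


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_listing.py http://www.your-domain.com")
    result = check_site(sys.argv[1])
    if not result:
        print("no directory listings found")
    for folder, entries in result.items():
        print(f"{folder} is listed: {', '.join(entries) or '(empty)'}")
```

Run it against your own site only. An empty result does not mean the plugins are gone, only that the server no longer enumerates them for strangers.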

If you'd like to further secure your WordPress blog, there's also a .htaccess method you can use. The details can be found on either AshChuan's blog or Matt Cutts' blog.

Any other WordPress security measures you would like to share?

Updated: January 3, 2008
Geminigeek shared that adding Options -Indexes to your .htaccess is easier than creating an index.html in every WordPress folder. That directive turns off Apache's automatic directory listing for the folder and everything below it; if your host's server configuration does not allow .htaccess files to override Options, the server will answer with a 500 error instead, in which case fall back to the index.html method.

You will find the .htaccess file in your blog directory, the folder where you installed your blog (it is a hidden file, so your FTP client may need to be set to show dotfiles). If there isn't one, create a new .htaccess file there.
