I thought that bloggers who did not use WordPress as their preferred publishing platform due to security risks were a little paranoid. I was wrong. In fact, I was proven dead wrong the other day when one of my websites was hacked. As much as I like WordPress, I think the dislike is growing stronger with every passing day.
This is particularly troubling because in my case it was one of those “good hackers”. Unfortunately, unlike Ray, I am not too interested in updating my WordPress just yet. It all looks way too suspicious to me. I know that I am being paranoid, but I can’t help but suspect “the most important Matt on the web” and his companions to have something to do with it.
I am not sure if this recent hack was related to a vulnerability of the wp-config.php file, but according to Dane, by default, WordPress becomes very attractive to hackers. Dane also gives a solution showing how moving some sensitive info out of your wp-config.php file can improve your WordPress security.
I have recommended Dane’s blog to my readers on several occasions. He is a true master of “WordPress Troubleshooting”, and his solution for the wp-config.php file is quite brilliant. Thanks Dane!
Sorry to hear about getting hacked.
There is no paranoia, stories of wordpress installs getting hacked are a dime a dozen.
On the other hand, there are very few stories of something like typepad being hacked.
Mark,
Believe it or not, it happened the same day I asked you about Group Platform. How ironic!
It really sucks though. I understand why you are programming your own blogs.
I feel your pain. I was hacked earlier this year, and actually they got into several of my niche blogs and converted them into phishing sites. I lost a LOT of hard work and some significant income.
WordPress suffers from the same main security flaw as Internet Explorer. The flaw is market share dominance. Sure you could spend time writing code to compromise Safari or Opera, or TypePad or dBlogger, but there aren't that many people using them in comparison. The best bang for the buck, and the most likely you are to get a lot of blogs (or browsers) and to have a lot of them still using the insecure older versions after updates are left is to target the ones with the most market share.
That is why it's so important that you stay on top of upgrades. And not just to WP itself, but to plugins you are using. Plugins can be compromised and if not updated, they leave security holes into your blog.
Dane,
To be honest, I am just way too lazy. I generally wait until the upgrade is available via Fantastico. Yeah, I know.
The other part is that I ran into problems a few times that themes were not compatible with the latest updates, and the theme authors did not care either. Are you releasing any of your themes soon?
That doesn't mean typepad is safe. Let me give you an example…
If you choked eating a pretzel, would anyone know / care? But… if President Bush choked eating a pretzel, the whole world would hear about it.
So the point is, the more popular you are, the more coverage you will get.
You also might not be hearing about typepad folks getting hacked because people on typepad aren't getting hacked!
Mark,
That may be true, however I think WordPress outperforms most of the other platforms, yes you need an arsenal of plugins to get things the way you want them to be but at the end of the day there is a reason why WordPress is so popular.
I don't know, I am not convinced either way. At least I know WordPress better by now. I hate to spend any more time on all sorts of learning curves, especially ones that can be avoided. I am getting old. lol
I agree wordpress has many advantages.
This post was about security, that's why I was mentioning the typepad alternative.
If you are suggesting a “secure” solution for somebody I don't think wordpress should be the first thing you mention.
I hear you Mark,
But I also have to agree with “Maestro” on WordPress being the most popular one:
http://www.problogger.net/archives/2006/01/18/blog-platforms-poll-results/
If I were a hacker I would probably be more tempted by “bigger fish”, which does not explain why my site was hacked.
Oh well I am going to sleep on it.
Well, I've kind of put theme development on a back burner. I've got five or so nearly completed themes but haven't made the time to polish them. I've been working on my niche marketing membership blog mostly of late, trying to get the value I want into it without the workload it's turning into on me.
But I could probably whip something up for you if you gave me an idea what you were looking for.
It's really a shame that a theme ever “breaks”. Template tags are deprecated for several versions before they are removed, so it isn't like it was a surprise to anyone that tags they were using were going away.
“yes you need an arsenal of plugins to get things the way you want them”
You know, I used to have loads and loads of plugins, but as time goes by, I'm selecting them with more critical thought. I'm using fewer and fewer of them. I've probably eliminated over 75% of the number of plugins I was using a year ago. When you consider how many more there are now, that's something. I really ask myself if a plugin will actually add traffic, conversion or user value to my blog before I even consider trying it these days. I'm getting really minimalist about it, and honestly, it's early days for some of the changes I'm making, but it seems to be making things better at the start.