Quote:
Originally Posted by Seth Manson
Fuckers hacked my WP Super Cache plugin and injected an iframe that loads outside of the browser's viewable area, img src'd a shitload of websites and youtube videos, made the status bar go nuts, and blasted my speakers with like 30 videos loading all at the same time.
I removed all plugins, installed a new plugin to export my whole site as static html, and said goodbye to wordpress on 50 websites.
This is just since last night.
Wow, that is pretty intense. Luckily, we have fared well, though; Charles is very good at securing our shit.
But yeah, WP is quite vulnerable.
Things to note for other users worried about WP security:
1. Pay attention to what folder permissions are being given to certain plugins; if it's too insecure, don't use them.
2. Keep your plugins and themes UP TO DATE. Use child themes for any customizations so that when updates to themes happen, your site doesn't break.
3. Be wary of any custom JavaScript or PHP you do; keep it tight and know what you are doing if it accesses any database(s).
4. Be wary of plugins and themes that are not part of the WordPress Codex (i.e., available right from WP's site). For plugins and themes that you obtain from outside sources, understand what they do, make sure you can trust the company providing them and don't EVER buy from a retailer that is just re-branding and selling the same plugins available elsewhere.
5. If the source code is protected, chances are good that the plugin phones home. Avoid, unless you trust the source.
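Two checks that follow from the list above, as an added example that is not code from the thread: a permissions audit for point 1 (anything under the install that group or others can write to) and a scan of cached HTML for an iframe styled to sit outside the viewport, which is the injection the quoted post describes. The demo tree, file names and example URL are constructed for the example; point the functions at a real wp-content instead.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a WordPress tree for two things:
# paths writable by group/others, and cached HTML carrying a hidden iframe.
# The tree built by make_demo_tree is constructed purely for demonstration.

# List every file or directory under $1 that group or others may write to.
find_loose_perms() {
    find "$1" \( -perm -020 -o -perm -002 \) -print | sort
}

# List HTML files under $1 whose iframe tags carry off-screen or hidden styling
# (negative left/top offsets, display:none, visibility:hidden, zero width/height).
find_hidden_iframes() {
    grep -rliE '<iframe[^>]*(left: *-[0-9]|top: *-[0-9]|display: *none|visibility: *hidden|(width|height)="?0"?[ />])' "$1" 2>/dev/null | sort
}

# Build a small constructed install so the script runs stand-alone.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/cache" "$root/wp-content/plugins/demo"
    printf '<html><body>clean page</body></html>\n' > "$root/wp-content/cache/index.html"
    printf '<html><body><iframe src="http://example.invalid/" style="position:absolute;left:-9999px"></iframe></body></html>\n' > "$root/wp-content/cache/page.html"
    printf '<?php // plugin stub\n' > "$root/wp-content/plugins/demo/demo.php"
    chmod 755 "$root/wp-content" "$root/wp-content/cache" "$root/wp-content/plugins"
    chmod 644 "$root/wp-content/cache/"*.html "$root/wp-content/plugins/demo/demo.php"
    chmod 777 "$root/wp-content/plugins/demo"   # the kind of permission point 1 warns about
    echo "$root"
}

# Stand-alone run: report both findings for the demo tree, then clean up.
DEMO=$(make_demo_tree)
echo "== group/other-writable paths =="; find_loose_perms "$DEMO"
echo "== cached HTML with hidden iframes =="; find_hidden_iframes "$DEMO/wp-content/cache"
rm -rf "$DEMO"
```

Run it on a schedule against the real install and alert on any non-empty output; a clean tree prints nothing under either heading.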