Is Wordpress a TICKING TIME BOMB? - GoFuckYourself.com

$5 submissions · 05-27-2010, 10:37 PM

Interesting thesis at http://www.ixdownload.com/news/wordp...protected.html

Old WP installs + malware scanners + exploits = malware distribution enabling sites (via redirect)

Do most hosts do automated WP upgrades/updates?

cgiGeek · 05-27-2010, 10:51 PM

Quote:

Originally Posted by $5 submissions

Interesting thesis at http://www.ixdownload.com/news/wordp...protected.html

Old WP installs + malware scanners + exploits = malware distribution enabling sites (via redirect)

Do most hosts do automated WP upgrades/updates?

you really cannot/should not automate WP upgrades/updates,
even a simple theme may not work between versions,
worst for pluggings, much worse for custom things

LoveSandra · 05-28-2010, 02:06 AM

bump bump

bbobby86 · 05-28-2010, 02:48 AM

i think it is...

seeandsee · 05-28-2010, 02:51 AM

i really think yes, if they find some exploit, it can be millions of sites down fucked "sharing" malware shit

Konkan · 05-28-2010, 02:52 AM

hmmmm......I start to worry about this

Davy · 05-28-2010, 03:25 AM

Not only malware. Could be all kinds of stuff.
Child pornography, chat servers...

The Duck · 05-28-2010, 03:28 AM

Too bad for the rogues it's such a solid piece of work.

Nurgle · 05-28-2010, 03:31 AM

Quote:

Originally Posted by The Duck

Too bad for the rogues it's such a solid piece of work.

your kidding right!

Marcus Aurelius · 05-28-2010, 03:34 AM

Quote:

Originally Posted by $5 submissions

Do most hosts do automated WP upgrades/updates?

No .

prezzz · 05-28-2010, 03:45 AM

Most scripts that are not custom written are potential ticking time bombs, be it Wordpress, Joomla, Drupal or any other system running in obsolete version. There's still a huge amount of online stores running on outdated versions of Joomla and Virtuemart, which are vulnerable for attacks.

With updating to newer versions, there are two problems that are both costly and time consuming to be solved. First of all, many extensions are not written properly, utilize hacks and exploit bugs specific to a single subversion of a script. Secondly, in many cases some features and functions can not be achieved by templating system and that's when some core CMS files are being changed and tweaked, making the system hard to update without breaking its functionality...

fris · 05-28-2010, 04:11 AM

be smart, ive never had a wp site comprimised, lots of ways to protect the site

Hentaikid · 05-28-2010, 04:30 AM

Dreamhost has auto updates as an option but you have to switch it on manually.

I guess the wordpress installs they run for you also update automatically (That's another option when you create one)

cyber · 05-28-2010, 06:59 AM

Quote:

Originally Posted by cgiGeek

you really cannot/should not automate WP upgrades/updates,
even a simple theme may not work between versions,
worst for pluggings, much worse for custom things

I just upgraded a blog that was running WP 2.0.2 to the newest version...

Nothing 'broke'. I am going through the code and upgrading all the obsolete functions, though.

And I've never had a WP site compromised. Take some basic steps in protecting it, though, as in, don't prefix your tables with "wp_". Close your eyes and hit the keyboard.

Mine is similar to "faiufs98sgfrngsri_".

fatfoo · 05-28-2010, 07:59 AM

Malware and exploits sure suck. Good luck.

Horny Dude · 05-28-2010, 09:38 AM

http://securewordpress.com/

Came across this link a few weeks back, some pretty good info on securing your WP site.

Amputate Your Head · 05-28-2010, 09:45 AM

My host requires manual updating on all their packaged installs. That's a good thing because all my shit is tweaked and custom. An auto-upgrade would not be cool. (although I don't use WP)

Cyber Fucker · 05-28-2010, 09:59 AM

IMHO old releases are less vulnerable than new releases (off course if secured well and fixed). Every new release is a potential danger of security break. None of my wp installs was hacked yet and I don't have any spam as well.

cyber · 05-28-2010, 10:54 AM

Quote:

Originally Posted by Cyber Fucker

IMHO old releases are less vulnerable than new releases (off course if secured well and fixed). Every new release is a potential danger of security break. None of my wp installs was hacked yet and I don't have any spam as well.

it takes a few seconds to google for vulnerabilities for older versions of any software. it takes a little more to find up-to-the-minute hacks for newer releases.

Also, WP historically has been pretty good about releasing security updates quickly, within hours of major releases sometimes.

$5 submissions · 05-28-2010, 01:35 PM

Quote:

Originally Posted by The Duck

Too bad for the rogues it's such a solid piece of work.

If updated, yes.

$5 submissions · 05-28-2010, 04:40 PM

Quote:

Originally Posted by Marcus Aurelius

No .

That's cause for concern. Although there might be a marketing opportunity here for hosting companies that have a lot of WP blogger customers. For a small fee they can do upgrades. As mentioned earlier though, the owner must be well aware re impact on themes/plugins that might not be able to handle the upgrade.

GrouchyAdmin · 05-28-2010, 05:06 PM

Wordpress, no matter how often it is updated, is precisely that.

fris · 05-28-2010, 05:20 PM

its mainly these virtual hosts problem with running out of date software, hence why you should have your own vps or dedicated

$5 submissions · 05-29-2010, 12:25 AM

Quote:

Originally Posted by GrouchyAdmin

Wordpress, no matter how often it is updated, is precisely that.

That would be extremely sad if true. WP is an awesome platform. It's just sad that blog owners feel like they are playing "whack a mole" with all these updates...

ottopottomouse · 05-29-2010, 03:35 AM

As well as just things like keeping it up to date - which applies to any packaged script - how many people just install any old plugin off of a completely random site that they find it on with no idea what it is actually going to do and no understanding of code?

GrouchyAdmin · 05-29-2010, 07:13 AM

Quote:

Originally Posted by $5 submissions

That would be extremely sad if true. WP is an awesome platform. It's just sad that blog owners feel like they are playing "whack a mole" with all these updates...

Shitty development, shitty code, so common it makes sense for blackhats to find a way to kill it.

Ask any of your managed host providers what they feel about WordPress. If you're lucky, you'll get a passive-aggressive shrug.

TheDoc · 05-29-2010, 07:35 AM

WP runs some some of the largest sites on the Internet without any issues or hacks. Don't use a lot of trash/unknown plugins, keep your skin clean and simple as possible, keep your wp updated. Then secure it, remove the header wp tags, pw protect the admin, shut comments off on old posts, and instead of blocking IP's in WP block them through the .htaccess file.

$5 submissions · 05-29-2010, 10:46 AM

Quote:

Originally Posted by ottopottomouse

As well as just things like keeping it up to date - which applies to any packaged script - how many people just install any old plugin off of a completely random site that they find it on with no idea what it is actually going to do and no understanding of code?

Exactly. Stay away from shady plugins.

05-27-2010, 10:37 PM	#1
$5 submissions I help you SUCCEED Industry Role: Join Date: Nov 2003 Location: The Pearl of the Orient Seas Posts: 32,195	Is Wordpress a TICKING TIME BOMB? Interesting thesis at http://www.ixdownload.com/news/wordp...protected.html Old WP installs + malware scanners + exploits = malware distribution enabling sites (via redirect) Do most hosts do automated WP upgrades/updates? __________________ Need a NON-ADULT income stream? We build your YOUTUBE CHANNEL for only $20 per video! For Hire: $3/hour or $400 per month Marketing Specialist Virtual Assistants

05-28-2010, 02:48 AM	#4
bbobby86 partners.sexier.com Industry Role: Join Date: Jan 2007 Location: San Francisco, CA Posts: 11,926	i think it is... __________________

05-28-2010, 02:51 AM	#5
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	i really think yes, if they find some exploit, it can be millions of sites down fucked "sharing" malware shit __________________ BUY MY SIG - 50$/Year Contact here

05-28-2010, 02:52 AM	#6
Konkan Confirmed User Industry Role: Join Date: Jun 2008 Posts: 3,537	hmmmm......I start to worry about this __________________ Only one affiliate program for Pussy and Cash

05-28-2010, 03:25 AM	#7
Davy Confirmed User Industry Role: Join Date: Apr 2006 Location: Germany Posts: 4,323	Not only malware. Could be all kinds of stuff. Child pornography, chat servers... __________________ --- ICQ 14-76-98 <-- I don't use this at all

05-28-2010, 02:06 AM	#3
LoveSandra So Fucking Banned Join Date: Aug 2008 Location: Just Blow Me Posts: 10,551	bump bump

05-28-2010, 03:28 AM	#8
The Duck Adult Content Provider Industry Role: Join Date: May 2005 Location: Europe Posts: 18,243	Too bad for the rogues it's such a solid piece of work. __________________ Skype Horusmaia ICQ 41555245 Email [email protected]

05-28-2010, 03:45 AM	#11
prezzz Confirmed User Industry Role: Join Date: Jul 2004 Posts: 959	Most scripts that are not custom written are potential ticking time bombs, be it Wordpress, Joomla, Drupal or any other system running in obsolete version. There's still a huge amount of online stores running on outdated versions of Joomla and Virtuemart, which are vulnerable for attacks. With updating to newer versions, there are two problems that are both costly and time consuming to be solved. First of all, many extensions are not written properly, utilize hacks and exploit bugs specific to a single subversion of a script. Secondly, in many cases some features and functions can not be achieved by templating system and that's when some core CMS files are being changed and tweaked, making the system hard to update without breaking its functionality... __________________ TEMPLATEHYPE.COM - PREMIUM MECHBUNNY TEMPLATES Responsive Mechbunny templates now available - NEAT TUBE - REDDY TUBE

05-28-2010, 04:11 AM	#12
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,229	be smart, ive never had a wp site comprimised, lots of ways to protect the site __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

05-28-2010, 04:30 AM	#13
Hentaikid Confirmed User Join Date: Nov 2002 Posts: 1,249	Dreamhost has auto updates as an option but you have to switch it on manually. I guess the wordpress installs they run for you also update automatically (That's another option when you create one)

05-28-2010, 07:59 AM	#15
fatfoo ICQ:649699063 Industry Role: Join Date: Mar 2003 Posts: 27,763	Malware and exploits sure suck. Good luck. __________________ Send me an email: [email protected]

05-28-2010, 09:38 AM	#16
Horny Dude Earn enough to buy coffee Industry Role: Join Date: May 2002 Location: San Diego, Ca. Posts: 4,912	http://securewordpress.com/ Came across this link a few weeks back, some pretty good info on securing your WP site. __________________

05-28-2010, 09:45 AM	#17
Amputate Your Head There can be only one Industry Role: Join Date: Aug 2001 Location: Somewhere else Posts: 39,075	My host requires manual updating on all their packaged installs. That's a good thing because all my shit is tweaked and custom. An auto-upgrade would not be cool. (although I don't use WP) __________________ SIG TOO BIG

05-28-2010, 09:59 AM	#18
Cyber Fucker Hmm Industry Role: Join Date: Sep 2005 Location: On an endless road around the world for rock and roll. Posts: 12,642	IMHO old releases are less vulnerable than new releases (off course if secured well and fixed). Every new release is a potential danger of security break. None of my wp installs was hacked yet and I don't have any spam as well. __________________ Last edited by Cyber Fucker; 05-28-2010 at 10:01 AM..

05-28-2010, 05:06 PM	#22
GrouchyAdmin Now choke yourself! Industry Role: Join Date: Apr 2006 Posts: 12,085	Wordpress, no matter how often it is updated, is precisely that. __________________ AIM: GrouchyGfy

05-28-2010, 05:20 PM	#23
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,229	its mainly these virtual hosts problem with running out of date software, hence why you should have your own vps or dedicated __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

05-29-2010, 03:35 AM	#25
ottopottomouse She is ugly, bad luck. Industry Role: Join Date: Jan 2010 Posts: 13,177	As well as just things like keeping it up to date - which applies to any packaged script - how many people just install any old plugin off of a completely random site that they find it on with no idea what it is actually going to do and no understanding of code? __________________ ↑ see post ↑ 13101

05-29-2010, 07:35 AM	#27
TheDoc Too lazy to set a custom title Industry Role: Join Date: Jul 2001 Location: Currently Incognito Posts: 13,827	WP runs some some of the largest sites on the Internet without any issues or hacks. Don't use a lot of trash/unknown plugins, keep your skin clean and simple as possible, keep your wp updated. Then secure it, remove the header wp tags, pw protect the admin, shut comments off on old posts, and instead of blocking IP's in WP block them through the .htaccess file. __________________ ~TheDoc - ICQ7765825 It's all disambiguation Last edited by TheDoc; 05-29-2010 at 07:38 AM..