|
Is Wordpress a TICKING TIME BOMB?
Interesting thesis at http://www.ixdownload.com/news/wordp...protected.html
Old WP installs + malware scanners + exploits = malware distribution enabling sites (via redirect) Do most hosts do automated WP upgrades/updates? |
Quote:
even a simple theme may not work between versions, worst for pluggings, much worse for custom things |
bump bump
|
i think it is...
|
i really think yes, if they find some exploit, it can be millions of sites down fucked "sharing" malware shit
|
hmmmm......I start to worry about this :smokin
|
Not only malware. Could be all kinds of stuff.
Child pornography, chat servers... |
Too bad for the rogues it's such a solid piece of work.
|
Quote:
|
Quote:
|
Most scripts that are not custom written are potential ticking time bombs, be it Wordpress, Joomla, Drupal or any other system running in obsolete version. There's still a huge amount of online stores running on outdated versions of Joomla and Virtuemart, which are vulnerable for attacks.
With updating to newer versions, there are two problems that are both costly and time consuming to be solved. First of all, many extensions are not written properly, utilize hacks and exploit bugs specific to a single subversion of a script. Secondly, in many cases some features and functions can not be achieved by templating system and that's when some core CMS files are being changed and tweaked, making the system hard to update without breaking its functionality... |
be smart, ive never had a wp site comprimised, lots of ways to protect the site
|
Dreamhost has auto updates as an option but you have to switch it on manually.
I guess the wordpress installs they run for you also update automatically (That's another option when you create one) |
Quote:
Nothing 'broke'. I am going through the code and upgrading all the obsolete functions, though. And I've never had a WP site compromised. Take some basic steps in protecting it, though, as in, don't prefix your tables with "wp_". Close your eyes and hit the keyboard. Mine is similar to "faiufs98sgfrngsri_". :) |
Malware and exploits sure suck. Good luck.
|
http://securewordpress.com/
Came across this link a few weeks back, some pretty good info on securing your WP site. |
My host requires manual updating on all their packaged installs. That's a good thing because all my shit is tweaked and custom. An auto-upgrade would not be cool. (although I don't use WP)
|
IMHO old releases are less vulnerable than new releases (off course if secured well and fixed). Every new release is a potential danger of security break. None of my wp installs was hacked yet and I don't have any spam as well.
|
Quote:
Also, WP historically has been pretty good about releasing security updates quickly, within hours of major releases sometimes. |
Quote:
|
Quote:
|
Wordpress, no matter how often it is updated, is precisely that.
|
its mainly these virtual hosts problem with running out of date software, hence why you should have your own vps or dedicated
|
Quote:
|
As well as just things like keeping it up to date - which applies to any packaged script - how many people just install any old plugin off of a completely random site that they find it on with no idea what it is actually going to do and no understanding of code?
|
Quote:
Ask any of your managed host providers what they feel about WordPress. If you're lucky, you'll get a passive-aggressive shrug. |
WP runs some some of the largest sites on the Internet without any issues or hacks. Don't use a lot of trash/unknown plugins, keep your skin clean and simple as possible, keep your wp updated. Then secure it, remove the header wp tags, pw protect the admin, shut comments off on old posts, and instead of blocking IP's in WP block them through the .htaccess file.
|
Quote:
|
| All times are GMT -7. The time now is 02:08 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc