Scobleizer - Latest Comments in I don’t feel safe with WordPress, hackers broke in and took things

Re: I don’t feel safe with WordPress, hackers broke in and took things

Ipotpal Laptopov — Sun, 18 Oct 2009 05:52:07 -0000

I agree with spidersilk on that too. It is a rich environment with several points of failure and wordpress is only one of them. I've had application hacks, malicious stuff installed and even a rootkit attack on my servers. It was even worse when I used managed servers since I had to depend on others to fix it which took more time.

Backing your data is always a good step of achieving an acceptable peace of mind level with web endeavors.

Re: I don’t feel safe with WordPress, hackers broke in and took things

ScottW — Sun, 27 Sep 2009 11:14:47 -0000

Sorry for the very late reply Viki and thanks for the heads up on it working on the latest version. ;)

Re: I don’t feel safe with WordPress, hackers broke in and took things

tychoish — Fri, 18 Sep 2009 09:20:27 -0000

is moving to posterus, which is indeed a great service, but is none the less a hosted provider on a service that you don't control, more secure?

I think we could hash through the dynamics of this security problem (e.g. posterous, running your own server, etc) at some length, but I'm not sure if that discussion would be particularly useful...

Re: I don’t feel safe with WordPress, hackers broke in and took things

orange_county_seo — Wed, 16 Sep 2009 17:23:59 -0000

Mitch,

Thanks for sharing that plugin. I have a ton of clients who use Wordpress, and one had her site hacked as well. The host did restore the backup, but I know of other folks who have more of a DIY setup like Robert had.

Re: I don’t feel safe with WordPress, hackers broke in and took things

While1 — Sat, 12 Sep 2009 14:07:09 -0000

Oh, Hackers! They are very terrible. Fortunately you wrote this post. So amateur wordpress users like me learned this event. I will backup my blog. Very thank you.

Do you know any blog site better than wordpress?

Re: I don’t feel safe with WordPress, hackers broke in and took things

Syed Balkhi — Fri, 11 Sep 2009 15:07:12 -0000

It's really sad to hear that happened to you Robert. Make sure that you always keep a backup of WordPress. I suggest use WP-DB plugin and set a 24 hour daily backup emailed to you.

Also look at this article for further ways to securing your WP-Admin

http://www.wpbeginner.com/w...

Re: I don’t feel safe with WordPress, hackers broke in and took things

Allen Harkleroad — Fri, 11 Sep 2009 10:32:02 -0000

This is exactly the sort of reason why I prefer asp.net applications such as BlogEngine.Net. PHP seems to get hacked a *lot* more than asp.net applications. Don't get me wrong I like FOSS, but refuse to use PHP as a web server platform.

Re: I don’t feel safe with WordPress, hackers broke in and took things

Krishna Prasad — Thu, 10 Sep 2009 14:05:50 -0000

As a Wordpress blogger who can't upgrade (my dashboard doesn't have that facility for whatever reason), I must say I am pleasantly surprised to find Matt's comment at the very top here. I wrote to Wordpress several months ago with exactly the same complaint and I still haven't had the luxury of a response. It was very disappointing, but we live and we learn.

Re: I don’t feel safe with WordPress, hackers broke in and took things

John Myrstad — Thu, 10 Sep 2009 08:32:25 -0000

@Robert: Hopefully your ignorance when it comes to website security will hep lots of other people.

You run a hi-profile site, attractive to hack, with no security and then you get caught with your pants down and embarrassed. Twice.

Now the word goes around; dont do as Robert, be smart, do the basics and keep up to date, and lots of ignorant people understand why they have to take some responsibility to avoid problems.

So, once this happens, how do you feel safe again?

By investing one hour in checking your install/server security and by upgrading as you know you should do.

btw: Why did you not upgrade from 2.7.1 and what did you do prior to the hacking to secure your blog ?

Re: I don’t feel safe with WordPress, hackers broke in and took things

daveevans — Wed, 09 Sep 2009 19:23:26 -0000

Thanks.

Re: I don’t feel safe with WordPress, hackers broke in and took things

bencredible — Wed, 09 Sep 2009 18:59:46 -0000

I'm cheap and lazy so I use instantssl.com but there are a bunch that will work for you. Since the WP-Admin section is just to encrypt my password data and whatnot I opted for the lowest end cert as I don't need any badges, etc.

Re: I don’t feel safe with WordPress, hackers broke in and took things

daveevans — Wed, 09 Sep 2009 12:56:49 -0000

What SSL cert vendor should I look at, such a range of pricing, need a cheat sheet.

Re: I don’t feel safe with WordPress, hackers broke in and took things

BillPalm — Wed, 09 Sep 2009 11:21:03 -0000

Well, so nice post, haah! Your mind helps me so much! I'm not sure if you mind the thing I'll do here. Im an online seller for the Timberland shoes, Gucci shoes, Prada shoes and Gucci bags, Coach bags, Prada bags, they are the most hot items on my sites, are u interest in them?

Re: I don’t feel safe with WordPress, hackers broke in and took things

GodMode — Tue, 08 Sep 2009 14:17:50 -0000

Oh yes btw,

Wordpress Rocks.

Re: I don’t feel safe with WordPress, hackers broke in and took things

GodMode — Tue, 08 Sep 2009 14:11:06 -0000

There are a lot of ways to make your wordpress blog safe and secure. I think you should first look for these and then blame wordpress... else u'll b the one who'll look lame.

Do make sure that all of the loop holes are filled up and that your blog a great one.

Re: I don’t feel safe with WordPress, hackers broke in and took things

jonfr — Tue, 08 Sep 2009 13:02:50 -0000

I use wordpress to. But there is a diffrence between you and me. I get off my lazy ass and update my wordpress once in a while.

Re: I don’t feel safe with WordPress, hackers broke in and took things

Ahad Bokhari — Tue, 08 Sep 2009 05:13:14 -0000

Agree with you here man, especially with the nature of the web!

Re: I don’t feel safe with WordPress, hackers broke in and took things

Ahad Bokhari — Tue, 08 Sep 2009 05:12:33 -0000

Amiable of you Robert, I know you want to play the role (and thats great!) but if it eases your mind you should have someone monitor your blog and back it up for you periodically. Peace of mind is what matters most - besides you got other fish to catch and great posts to write.

Sure we are all techies at the end of the day, and i dont blame you for scratching that itch :-)

Re: I don’t feel safe with WordPress, hackers broke in and took things

Ahad Bokhari — Tue, 08 Sep 2009 05:04:54 -0000

Good points Erica..

Re: I don’t feel safe with WordPress, hackers broke in and took things

Ahad Bokhari — Tue, 08 Sep 2009 05:02:36 -0000

Its open source at the end of the day Mr. Scoble. Last versions of wordpress had an export to RSS WXR feature and the newer versions do as well.

Lots of other ways to back up but the above is the easiest. Interesting to see the structure in the exported file...

Re: I don’t feel safe with WordPress, hackers broke in and took things

$51740 — Mon, 07 Sep 2009 23:30:49 -0000

I have a diffierent point to make here. Why do you need the plugins? I have been reading you for years, and your blog design is not relevant. Content and comments are important. Then when you added things like that annoying Google Friend Connect visiting the site became less enjoyable. Anyhow thats why I am happy I am sticking with wp.com. Cloud hosting is no different than having your own server in that it takes tender love and constant care and 24 hour monitoring. Thats not what blogging is.

Re: I don’t feel safe with WordPress, hackers broke in and took things

Mark — Mon, 07 Sep 2009 23:03:55 -0000

I hope this entry shows up in this years Darwin awards...

Re: I don’t feel safe with WordPress, hackers broke in and took things

Jim Murphy — Mon, 07 Sep 2009 22:04:01 -0000

PostRank has a fairly extensive archive of your blog:
http://www.postrank.com/fee...

We have a full content archive as well - just the descriptions, titles dats are on the postrank app itself.

Lemme know if you'd like us to extract some posts - or even the entire archive and you can select the missing ones?

Ready a willing if you think it would help.

Re: I don’t feel safe with WordPress, hackers broke in and took things

studionashvegas — Mon, 07 Sep 2009 21:01:24 -0000

Robert,

Someone said it a few tweets down, but there's a really easy plugin down below that will automatically back up your blog to a server or email address, and you can schedule it to backup things once a week.

It's called WP-DB-Backup (http://wordpress.org/extend.... I'm running it on Jeremiah Owyang's blog, and it allows me to have a weekly backup of what's going on in case his site goes down. You guys are putting out so much great content that you really don't' have any other option but to make sure it goes somewhere safe.

I'll even help you set it up if you would rather it.

There are other measures you can take to make sure your site doesn't get hacked / make it harder to hack.

1). Set your permissions to disallow public writing (it makes your themes uneditable in the editor, but if you have FTP access go in and enable one at a time until you're done, then re-disable it).

2) Move your WordPress directory somewhere else. There are tutorials (like this one: http://codex.wordpress.org/... that show you how to set WordPress up to live in a subfolder, which you can name whatever you want, but have it live in the root directory (keep the root folders clean too)

3) Create a username that's not the default admin username, and delete the admin user. That's the first place they check because it's the default.

Simple stuff, takes minutes to do, but a stitch in time saves nine, I guess. Good luck in the recovery process, and if you need some advice let me know.

Re: I don’t feel safe with WordPress, hackers broke in and took things

Matt McInvale — Mon, 07 Sep 2009 17:04:12 -0000

unless there is some 0 day exploit they get hit with, it's not going to happen soon.