Go back to previous topic
Forum nameMain Community Discussion Board
Topic subjectWordPress exploit found
Topic URLhttp://www.fmwriters.com/community/dc/dcboard.php?az=show_topic&forum=17&topic_id=91069
91069, WordPress exploit found
Posted by MarFisk, Mon Jul-02-12 07:36 PM
My hubby pointed this out to me and I mentioned it on my goals post (securing the sites I support) and realized many of you might use WordPress too. Here's the article that tells what the problem is and how to fix it.

http://itpixie.com/2012/06/wordpress-exploit-alert-uploadify-php/#.T-l1PnB9krU

Also, Tigertech offers the reminder to remove old plugins and themes that you are not using because they can be breeding grounds for potential hacks and exploits and you won't notice until too late because you're not actively using them.
91070, RE: WordPress exploit found
Posted by jschara, Tue Jul-03-12 07:03 AM
I noticed this when I found a ton of 404 errors logged. I'm thinking I'm glad they didn't find those files.
91072, RE: WordPress exploit found
Posted by MarFisk, Tue Jul-03-12 01:48 PM
Sadly, that means that those files were findable before and probably used. TigerTech said they'd had to help out a few people affected already.
91081, RE: WordPress exploit found
Posted by jschara, Thu Jul-05-12 08:32 PM
I just checked, and none of those files have ever been on my system. I've never used any of the plug-ins they are looking for.
91082, RE: WordPress exploit found
Posted by MarFisk, Fri Jul-06-12 01:16 AM
Good :). Of the umpteen sites I've checked, only one had them so far, but it's worth knowing.
91087, RE: WordPress exploit found
Posted by jschara, Fri Jul-06-12 05:06 PM
I think it helps that if I'm not using a plug-in, I delete it. The newer WP feature of automatically offering to update plug-ins helps, too.

I probably use more plug-ins than I should, but I do try to limit the ones I do use. The most I use is 12, and I'm looking for ways to reduce that number.
91089, RE: WordPress exploit found
Posted by MarFisk, Fri Jul-06-12 09:42 PM
Yes, the auto update is one of the reasons I recommend wp, especially to non-techies.
91071, RE: WordPress exploit found
Posted by worthywoman, Tue Jul-03-12 11:40 AM
Thank you so much for this! Now that I am not a student anymore, and I need to pay attention to this kind of nonsense…

Lisa S – Beginning Again!
91073, RE: WordPress exploit found
Posted by MarFisk, Tue Jul-03-12 01:48 PM
Glad to help :).
91074, RE: WordPress exploit found
Posted by Dreamerscove, Tue Jul-03-12 02:31 PM
Thanks for the note. As those in Chat know, my wordpress site was hacked into on June 29th. A very unhappy day.

I went through the link you provided, but did not find in the list anything that I used, but they still got in. The one thing that saved me was that I did a backup of the website not long ago.

So, backup often. Use a different user account to post than what you use as an Admin. Use strong passwords. There are also a number of good free Wordpress plugins to use to enhance security. Delete any unused themes and plugins as suggested. Keep your Wordpress and themes and plugins up-to-date with the latest versions.

I hope no one has to do what I did to get their website clean again.
91076, RE: WordPress exploit found
Posted by MarFisk, Tue Jul-03-12 06:22 PM
Ouch. Yes, hackers always find a way in somehow, but the more you can keep your site secure, the more likely they'll find an easier target.