{"id":467,"date":"2008-01-08T11:04:34","date_gmt":"2008-01-08T10:04:34","guid":{"rendered":"http:\/\/www.itwriting.com\/blog\/?p=467"},"modified":"2008-01-08T11:04:34","modified_gmt":"2008-01-08T10:04:34","slug":"detailed-look-at-a-wordpress-hack","status":"publish","type":"post","link":"https:\/\/www.itwriting.com\/blog\/467-detailed-look-at-a-wordpress-hack.html","title":{"rendered":"Detailed look at a WordPress hack"},"content":{"rendered":"

Angsuman Chakraborty’s technical blog suffered a similar attack to mine – the malicious script was the same, though the detail of the attack was different. In my case WordPress was attacked via Phorum. Chakraborty offers a detailed look at how his site was compromised<\/a> and makes some suggestions for improving WordPress security.<\/p>\n

In both these cases, WordPress was not solely to blame. At least, that is the implication. Chakraborty thinks his attack began with an exploit described by Secunia<\/a>, which requires the hacker first to obtain access to the WordPress password database, via a stray backup or a SQL injection attack. Nevertheless, Chakraborty says:<\/p>\n

\n

One of the challenges with WordPress is that security considerations were mostly an afterthought (feel free to disagree) which were latched on as WordPress became more and more popular.<\/p>\n<\/blockquote>\n

I have huge respect for WordPress. Nevertheless, I believe its web site could do better with regard to security. The installation instructions<\/a> say little about it. You really need to find this page<\/a> on hardening WordPress. It should be more prominent.<\/p>\n

Technorati tags: wordpress<\/a>, security<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"

Angsuman Chakraborty’s technical blog suffered a similar attack to mine – the malicious script was the same, though the detail of the attack was different. In my case WordPress was attacked via Phorum. Chakraborty offers a detailed look at how his site was compromised and makes some suggestions for improving WordPress security. In both these … Continue reading Detailed look at a WordPress hack<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44,75,79,96],"tags":[],"class_list":["post-467","post","type-post","status-publish","format-standard","hentry","category-internet","category-security","category-software","category-web-authoring"],"_links":{"self":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/comments?post=467"}],"version-history":[{"count":0,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/467\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/media?parent=467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/categories?post=467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/tags?post=467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}