Wired Journalists

Get wired to win.

Many of you Wired folks must have heard by now that multimediashooter.com is down for good after a hacker (with a special spot on hold in hell) attacked the site.

Pat Thornton over at the Journalism Iconoclast also tells us that Matt Waite decided to leave Wordpress after his site was hacked as well... to which Matt replies that he thinks WP is a victim of its own success. Hackers concentrate on that platform because they know it's gonna hurt a lot of people.


Personally, I immediately installed the backup plugin recommended by Mindy McAdams and set up automated weekly backups. But I only started my site a few months ago, and I don't yet have the technical knowledge (or the time, frankly) to change platforms for something that would likely be far less user-friendly and intuitive than Wordpress.

Are you thinking of leaving Wordpress? Do you know of easy alternatives that offer just as many features but are less prone to hackers? What do you do to protect and back up your site? And to the in-crowd out there, is WP doing anything extra to address the problem?


Replies to This Discussion

Drupal is a more secure platform, but maybe it's too big and complicated just for one blog. Wordpress can be secure enough if you keep your plugins and platform updated, and follow some basic security rules. Just in case anything goes wrong, backup, backup, backup.


I already have weekly backups set up. Updating the platform is a smart idea; I'm the kinda person that never remembers to update stuff unless it starts flashing on my desktop asking me to. Does Wordpress have a system like that?
And what are the "basic security rules" you suggest?


1) Yes. Wordpress has warned you when there is a newer version since 2.1, I think. You should be able to see a yellowish message at the top of your admin panel. The current version is 2.3.3, but 2.5 (with a major admin panel redesign) is due this week. Also, on the plugins activation page, if your plugins are listed in the official wordpress.com plugins directory (and most of them are), you'll also see when a plugin is outdated.

2) wp-database backup is a useful but dangerous plugin, or at least it was some months ago. It could be really harmful for your blog and it has been an attack point before in wordpress blogs. Just think what a cracker could do with access to your database... I do my backups manually through PHPMyAdmin, but I understand that maybe not everyone can directly access their admin panels or wants to do that. On top of that, I only access my wp panel, admin panel or my site folders through ftp on computers that I can trust: mainly mine (ubuntu linux). Never on shared computers, and I never store my passwords in my browser.

Here you can read a whitepaper focused on securing wordpress, with more detailed advice, like creating a limited user for writing posts, creating a new admin user and deactivating the default admin (for automatic exploits), etc. It's a must-read if you are concerned about securing your blog, but don't get too worried about it; you are following the most important rule. If your backups are up-to-date, what does it matter if your site gets hacked? You only have to reinstall, and voilà!

PS. I almost forgot: it's really important to have a strong wordpress password, but if you have FTP access, it's even more important to have a really secure FTP pass, different than the wp pass.


Isabelle, thanks for the tip on the WP database backup plugin; I did read about Matt Waite's challenges.

I'm similar to you in that I'm just now setting up WordPress; in fact, I'm slogging through WordPress For Dummies now. I'm finding it very helpful, as I'm also setting up my own domain through Bluehost. It's all moving slowly -- I'm an editorial professional not a design expert -- but it is moving.

Probably for the same reasons you cited, I likely won't leave WordPress (I actually already left Blogger -- it's a bit too consumer-oriented and simplistic for me -- for WordPress). See the discussion, "What are the best CMS's for websites? What are the top 10?" at mediapro.foliomag for a good discussion on content management systems.

You can find very intelligent discussions on this and related topics at the Interaction Design Association (IXDA) site.

I can see that Carlos, for this discussion, is a pro -- thanks for the guidance! I've heard the same good things about Drupal and have been intending to check it out. I appreciate the reminder, Carlos; I'll also research your warning about that particular WP plugin.


I've never had a problem with hackers, but I did have my blog go down once because of a huge number of database calls from spam bots. I reinstalled WP and added the Bad Behaviour plugin, which uses blacklists to pick off the bots before they hit the site. At the moment, BB is reporting that it has blocked 6,355 access attempts in the last seven days. At times that weekly number has been as high as 7-8,000 attempts.



About Wired Journalists

Ryan Sholin created this social network on Ning.


Where credit is due

Howard Owens and Zac Echola are the co-founders of Wired Journalists, sharing all the credit and blame with Ryan Sholin.

Patrick Thornton is around here somewhere, as well.

Contact any of us with questions, suggestions, or concerns.

Thanks!


© 2009 Created by Ryan Sholin on Ning.
