[wp-hackers] wordpress security

Sharon Chambers sharon at BrewerRadio.com
Fri Oct 16 14:51:00 UTC 2009

AFAIK, we were running the latest version of Wordpress.  I upgrade routinely whenever there's a new version.  And we've since changed all DB and FTP passwords; we'll update the admin passwords when the site comes back up.  I realize nothing's fool-proof when it comes to internet security.

Just to be clear, I wasn't bashing Wordpress security; I merely wanted the advice of the people I've come to respect here when it comes to Wordpress.  And my hosting provider knows jack squat about the problem (as per usual--she actually suggested that I had an incompatible theme and I needed to disable that folder via FTP), so it appears the earlier mention of them blaming Wordpress as a last resort seems reasonable.

As always, downtime gives you those few hours to contemplate security more than you have in the past year...just wanted to make sure I covered all my bases.


-----Original Message-----
Recently (last month), there was a lot of people getting their sites
hacked. The hackers exploited a problem that existed in WordPress
2.8.2 (and which was fixed in 2.8.3). WordPress was already up to
version 2.8.4, so the only people who got really hit hard were those
who failed to upgrade. WP 2.8.3 came out in August, so there was a
good month or two of lead time before hackers actively exploited the
problem that had already been fixed. Why didn't people upgrade within
that month? Good question.

More information about the wp-hackers mailing list