Are WordPress blogs more likely to be hacked?

It probably feels that way to the bloggers using WordPress who have discovered that their sites have become spam buckets, after a worm took advantage of known vulnerabilities in recent versions of the popular blogging software.

We don’t know how many blogs have been compromised, but as blogging journalist Adam Tinworth wrote: “By Saturday, tech celebs from Robert Scoble to Andy Ihnatko got hacked. Twitter was full of the wails of the hacked, and the retweetings of the warning.”

“The worm registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at [the] users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts,” according to Matt Mullenweg, founding developer of WordPress.

Automattic, the company behind WordPress, discovered the latest vulnerability on 11 August and offered a patch the next day. Blogs hosted on WordPress.com are running the latest version of the software and were unaffected.

There is a joke that you know a site or bit of social media software like WordPress has become successful when it gets spammed. A positive spin on this worm is that WordPress has become successful enough to warrant the attention of coding malcontents, but for those affected, it’s difficult to find a silver lining when they have to spend hours cleaning up compromised blogs.

Security analyst David Kierznowski at BlogSecurity has a list of more than two dozen known vulnerabilities in all versions of WordPress. A 2007 survey of 50 WordPress blogs by Kierznowski found that only one of the sites was running the latest version of the software, leading him to warn that the WordPress community was vulnerable to attacks. So maybe the question isn’t whether WordPress is more likely to be hacked but whether WordPress users are less likely to upgrade.

Mullenweg told the Guardian: “Our success has definitely brought more people into the community both improving the code and looking for ways to exploit it. It’s unlikely an in-house CMS [content management system] project or smaller software would have the quality or quantity of developers WordPress does, and ‘security through obscurity’ of the code being private is not an effective protection.”

But the anxiety that this attack – one of a number in the past year against WordPress – has engendered may create enough concern for someone to spot the chance to create a rival product. Mullenweg agrees that this is a unique opportunity – though that may be just to tempt people to move to Automattic’s hosted offering.

Kevin Anderson
