Why Is Wordpress Easy To Hack

Discussion in 'Wordpress' started by CarpCharacin, Oct 26, 2016.

  1. Tracy Perry

    The "getting traffic" is a minimal issue. When you have a bot system using it to issue attacks it can bring a site down.
    Sucuri's article gives some information a small one
    The Layer 7 attack vector it uses is a little harder to protect against without some work.
    There is a list of some known sites that have not disabled it and have been used in attacks. That's what is included in the article I have at https://servinglinux.com/articles/entry/3-ipset-to-block-ip-s-via-csfpre-sh/ for CSF ipset use.
    Last edited: Oct 26, 2016
  2. TrixieTang

    Good for you!
     
  3. pierce

    Serious WordPress people should host with WordPress or use a web application firewall.

    WordPress is also easy to download and anybody can read through the source. As such anybody can develop attacks which can be easily verified on their local computer.

    If I was a webhost I dunno how I would keep up with the number of WordPress installs.
     
  4. ManagerJosh

    At work, we perform DDoS attacks - 100% authorized though.
     
  5. pierce

    Commercial botnets
     
  6. ManagerJosh

    I would go through everyone's wp-config.php's and add the following line:

    PHP:
    define( 'WP_AUTO_UPDATE_CORE', true );
    It would force automatic updates constantly to the core.

    If I'm really anal about WordPress security, I would also add:

    PHP:
    add_filter( 'auto_update_theme', '__return_true' );
    add_filter( 'auto_update_plugin', '__return_true' );
     
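For a host with many installs, going through every wp-config.php as the post above describes can start with an audit of what each file currently sets. The following is an added example, not code from the thread: the function names and the three sample configs are constructed for illustration, and comment handling is simplified to `/* ... */` blocks and lines that begin with `//` or `#`.

```python
import os
import re
import tempfile

# Assumption: commented-out lines start with // or #, or sit inside /* ... */.
_COMMENTS = re.compile(r"/\*.*?\*/|^[ \t]*(?://|#).*?$", re.S | re.M)
_DEFINE = re.compile(
    r"define\s*\(\s*['\"]WP_AUTO_UPDATE_CORE['\"]\s*,\s*([^)]+?)\s*\)", re.I)

def core_update_policy(config_text):
    """Classify the WP_AUTO_UPDATE_CORE setting in one wp-config.php."""
    live = _COMMENTS.sub("", config_text)   # ignore commented-out defines
    match = _DEFINE.search(live)            # PHP keeps the first define of a constant
    if match is None:
        return "unset"
    value = match.group(1).strip("'\" \t").lower()
    if value in ("true", "false", "minor"):
        return value
    return "other:" + value

def audit_tree(root):
    """Map each wp-config.php under root to its core-update policy."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        if "wp-config.php" in files:
            path = os.path.join(folder, "wp-config.php")
            with open(path, encoding="utf-8", errors="replace") as handle:
                report[os.path.relpath(path, root)] = core_update_policy(handle.read())
    return report

def demo():
    """Build a constructed hosting tree with three sites and audit it."""
    samples = {
        "site-a": "<?php\ndefine( 'WP_AUTO_UPDATE_CORE', true );\n",
        "site-b": "<?php\n// define( 'WP_AUTO_UPDATE_CORE', true );\n"
                  "define('WP_AUTO_UPDATE_CORE', false);\n",
        "site-c": "<?php\n/* define('WP_AUTO_UPDATE_CORE', true); */\n"
                  "define('DB_NAME', 'wp');\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for site, text in samples.items():
            os.makedirs(os.path.join(root, site))
            with open(os.path.join(root, site, "wp-config.php"), "w") as handle:
                handle.write(text)
        return audit_tree(root)

if __name__ == "__main__":
    for path, policy in sorted(demo().items()):
        print(f"{policy:8} {path}")
```

Sites reported as `false` have core auto-updates switched off, and `unset` means the install runs on WordPress's default update behaviour.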
  7. aesthetiqclinic

    WordPress is easy to hack only when you are using nulled themes, because by using nulled themes you open a backdoor for your website from where a hacker can easily enter and hack your website easily. Basically it is secure, but when you are not using any security plugin or are using nulled themes you will get your website hacked.
     
  8. zappaDPJ

    Legitimately bought themes are just as vulnerable, especially when they rely on scripts such as TimThumb. In fact the only site I've ever had hacked occurred after I installed a premium theme from RocketTheme which came supplied with an outdated version of the aforementioned plugin.
     