Why Is Wordpress Easy To Hack

Discussion in 'Wordpress' started by CarpCharacin, Oct 26, 2016.

  1. Tracy Perry

    Tracy Perry Opinionated ass-hat

    The "getting traffic" is a minimal issue. When you have a bot system using it to issue attacks it can bring a site down.
    Sucuri's article gives some information a small one
    The Layer 7 attack vector it uses is a little harder to protect against without some work.
    There is a list of some known sites that have not disabled it and have been used in attacks. That's what is included in the article I have at https://servinglinux.com/articles/entry/3-ipset-to-block-ip-s-via-csfpre-sh/ for CSF ipset use.
     
    Last edited: Oct 26, 2016
  2. TrixieTang

    TrixieTang Politically Incorrect

    Good for you!
     
  3. pierce

    pierce Habitué

    Serious WordPress people should host with WordPress or use a web application firewall.

    WordPress is also easy to download and anybody can read through the source. As such anybody can develop attacks which can be easily verified on their local computer.

    If I was a webhost I dunno how I would keep up with the number of WordPress installs.
     
  4. ManagerJosh

    ManagerJosh Adherent

    At work, we perform DDoS attacks - 100% authorized though.
     
  5. pierce

    pierce Habitué

    Commercial botnets
     
  6. ManagerJosh

    ManagerJosh Adherent

    I would go through everyone's wp-config.php's and add the following line:

    PHP:
    define( 'WP_AUTO_UPDATE_CORE', true );
    It would force automatic updates constantly to the core.

    If I'm really anal about WordPress security, I would also add:

    PHP:
    add_filter( 'auto_update_theme', '__return_true' );
    add_filter( 'auto_update_plugin', '__return_true' );
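
An added example, not part of the thread: a Python audit a host could run to see which installs already set the `WP_AUTO_UPDATE_CORE` constant from the post above before editing any `wp-config.php`. The function names, directory layout and the three sample configs are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches define( 'WP_AUTO_UPDATE_CORE', <value> ); with either quote style.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"]WP_AUTO_UPDATE_CORE['"]\s*,\s*([^)]+?)\s*\)\s*;""",
    re.IGNORECASE,
)

def strip_php_comments(source: str) -> str:
    """Drop /* */ blocks and whole-line // or # comments so a commented-out
    define is not counted. Simplification: trailing comments are left alone."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    return re.sub(r"(?m)^\s*(//|#).*$", "", source)

def core_update_policy(source: str) -> str:
    """Return 'all', 'minor', 'disabled', 'missing' or 'unknown:<raw>'."""
    matches = DEFINE_RE.findall(strip_php_comments(source))
    if not matches:
        return "missing"  # constant not set; WordPress uses its own default
    # PHP keeps the first define() of a constant, so only that one counts.
    raw = matches[0].strip().strip("'\"").lower()
    known = {"true": "all", "minor": "minor", "false": "disabled"}
    return known.get(raw, f"unknown:{raw}")

def audit(root: Path) -> dict:
    """Map each wp-config.php under root to its core auto-update policy."""
    return {
        p.relative_to(root).as_posix(): core_update_policy(p.read_text(errors="replace"))
        for p in sorted(root.rglob("wp-config.php"))
    }

def demo() -> dict:
    """Build three constructed sites in a temp dir and audit them."""
    samples = {
        "site-a": "<?php\ndefine( 'WP_AUTO_UPDATE_CORE', true );\n",
        "site-b": "<?php\n// define( 'WP_AUTO_UPDATE_CORE', true );\ndefine('DB_NAME', 'wp');\n",
        "site-c": "<?php\ndefine(\"WP_AUTO_UPDATE_CORE\", false); // pinned by owner\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for site, body in samples.items():
            (root / site).mkdir()
            (root / site / "wp-config.php").write_text(body)
        return audit(root)

if __name__ == "__main__":
    for path, policy in demo().items():
        print(f"{policy:10} {path}")
```

Installs reported as `missing` or `disabled` are the ones where adding the define would change behaviour; `disabled` usually means someone pinned the version on purpose and is worth checking with the site owner first.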
     