Why Is Wordpress Easy To Hack

Discussion in 'Wordpress' started by CarpCharacin, Oct 26, 2016.

  1. Tracy Perry

    Tracy Perry Opinionated ass-hat

    The "getting traffic" is a minimal issue. When you have a bot system using it to issue attacks, it can bring a site down.
    Sucuri's article gives some information a small one
    The Layer 7 attack vector it uses is a little harder to protect against without some work.
    There is a list of some known sites that have not disabled it and have been used in attacks. That's what is included in the article I have at https://servinglinux.com/articles/entry/3-ipset-to-block-ip-s-via-csfpre-sh/ for CSF ipset use.
     
    Last edited: Oct 26, 2016
  2. TrixieTang

    TrixieTang Custom User Title

    Good for you!
     
  3. pierce

    pierce Habitué

    Serious WordPress people should host with WordPress or use a web application firewall.

    WordPress is also easy to download and anybody can read through the source. As such anybody can develop attacks which can be easily verified on their local computer.

    If I was a webhost I dunno how I would keep up with the number of WordPress installs.
     
  4. ManagerJosh

    ManagerJosh Enthusiast

    At work, we perform DDoS attacks - 100% authorized though.
     
  5. pierce

    pierce Habitué

    Commercial botnets
     
  6. ManagerJosh

    ManagerJosh Enthusiast

    I would go through everyone's wp-config.php files and add the following line:

    PHP:
    // Enable automatic updates for all WordPress core releases.
    define( 'WP_AUTO_UPDATE_CORE', true );
    It would force automatic updates constantly to the core.

    If I'm really anal about WordPress security, I would also add:

    PHP:
    // Opt every installed theme and plugin in to automatic updates.
    add_filter( 'auto_update_theme', '__return_true' );
    add_filter( 'auto_update_plugin', '__return_true' );
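
A host-side check for the wp-config.php setting described in the post above, as an added example that is not part of the original thread: it reports, for every wp-config.php under a directory, whether WP_AUTO_UPDATE_CORE is set to true, ignoring commented-out lines. The function names and status labels are assumptions made for this illustration.

```python
import re
import sys
from pathlib import Path

# String literals are matched first so that "//" inside a quoted URL is not
# mistaken for a comment; only real PHP comments are dropped.
_TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|(/\*.*?\*/|//[^\n]*|#[^\n]*)""",
    re.S,
)
# PHP function names are case-insensitive, constant names are not.
_DEFINE = re.compile(
    r"""(?i:define)\s*\(\s*['"]WP_AUTO_UPDATE_CORE['"]\s*,\s*(.+?)\s*\)\s*;""",
    re.S,
)

def strip_php_comments(src: str) -> str:
    """Remove /* */, // and # comments while leaving string literals intact."""
    return _TOKEN.sub(lambda m: m.group(1) or "", src)

def core_update_policy(config_text: str) -> str:
    """Return 'all', 'minor', 'disabled', 'unset' or 'other:<raw value>'."""
    # search() takes the first define(); PHP keeps a constant's first definition.
    m = _DEFINE.search(strip_php_comments(config_text))
    if m is None:
        return "unset"  # WordPress falls back to its built-in default
    raw = m.group(1).strip()
    if raw.lower() == "true":
        return "all"
    if raw.lower() == "false":
        return "disabled"
    if raw in ("'minor'", '"minor"'):
        return "minor"
    return "other:" + raw  # e.g. the quoted string 'true', which is not boolean true

def audit_tree(root) -> dict:
    """Map every wp-config.php under root to its core auto-update policy."""
    return {
        str(p): core_update_policy(p.read_text(errors="replace"))
        for p in sorted(Path(root).rglob("wp-config.php"))
    }

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, policy in audit_tree(root).items():
        note = "" if policy == "all" else "  <-- not forcing all core updates"
        print(f"{policy:10} {path}{note}")
```

Run it with the directory that holds the hosted sites as its only argument.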
     