WordPress Security Woes

A few days ago all of the WordPress sites I have hosted on this server were hacked, so I’ve been learning more than I ever wanted to know about WordPress security.

Fortunately I didn’t lose any data, but it was still an almost two-day pain in the butt to get back to an unhacked state. After seeing what became of many of my files and database entries, I was a bit amazed that WordPress is as insecure as it is.

Several articles go into the sorts of hacks I was dealing with, where PHP code disguised as image files is added to the list of active plugins. Yuck.

Probably the most helpful article was “Did Your Site Get Hacked.” Why, yes it did. You might also consult “WordPress Security Notes.”

If you simply must see the glass as half full, one of the good things that came out of this was that I have now hardened both my own blogs and those of the clients who are hosted with my blog on my server, and at the same time, in order to make maintenance less of a nightmare, I’ve consolidated several just-sitting-there blogs into my more popular blogs.

Oh well, into each life must fall not just rain, but two days of useless software development aimed at thwarting some malicious moron with a copied exploit script.