In the past few days, so many hacking cases of wordpress blogs have been reported. Referred to the WordPress News, the hack seems to affect WordPress 2.9.2, the latest version of the blogging platform. Researchers identified several patterns the attackers used. The main cause highlighted after the research found to be the “Design”of WordPress blog platform itself. The design allows some nice permissions to be set up by the users. After setting is complete, the users can view the wp- configuration, php file configuration files etc.
The issue is being raised for quite sometime and at the same time, every new day, new people are coming up with own suggestions to fix up the problem. We have so many cases of hacking with us. Like Media Temple hosted WordPress blogs were the ones hit by the attack. Not only this, same case was also reported by Godaddy, Network Solutions or VPS.net indicated that the attack was not web hoster specific. Malicious iFrames have been injected to the blogs and the infection also transfers automatically to all the visitors.
Network Solutions have taken action immediately . They have cleaned all the infected blogs and also have changed passwords for their wordpress blogs to avoid such issues in the future too. Now read what the the blogging platform provider say… WordPress says ‘that they do not think that the issue is with the security system of the software. Rather the attacks have targeted the weak file permissions. They completely denied any issue with their software by stating that the hosting party is responsible for all this. The hosting provider needs to check web server security and file permissions. Actually the hackers were not that harmful, as they changed only the site URL’
The hacking problem can affect even the most famous blogs and it is very difficult to overcome the problem. There are some precautions which should be kept in mind. The Credentials are to be stored somewhere and the web server should be able to read it anyhow. The decryption key is to be stored in some another file in the file system. Without accessing into the database system, the attackers cannot decrypt the credentials. The other blog platforms like Joomla etc. where the permissions in the configuration files are set up incorrectly, are also prone to these kinds of attacks.
So, all the bloggers and webmasters need to check their wordpress blogs immediately. Hopefully they are not compromised yet. You can also download Antivirus wordpress plugin. It might help you and avoid all such issues in the future.
Please leave comments on this serious issue or you may also come up with your suggestions to fix up the problem. Your suggestions might help somebody else who is facing this problem.