So you have a great idea for a site, you buy a domain, throw a WordPress site up on your shared hosting and upload a free template and every cool plugin known to man. Within an hour you’ve written 5 blog posts and dropped a link at dp so within 2 more hours the spiders will be all over the site and the world will know about you.
Anyone who has been around for a bit knows that all of those plugins and themes should be checked out before they get uploaded but in reality some can get pretty gnarly and the vast majority of WordPress users can do little more than ftp.
Securi have blown the whistle on a so-called “Pharma hack” where a few lines of code nestled in a template (but could just as easily be a plugin) allow the hacker to upload further scripts and take control of your site. They appear to be taking it easy right now and just inserting new links around the place and hoping, I guess, that most will be on auto-blog so that the owners are relatively disinterested and won’t notice their changes.
A few years ago WordPress had a situation where they’d stopped using a file that had a security flaw in it. Those of us who upgraded properly deleted the file and were fine. Those who just uploaded the new files ontop of the old still had the file on their servers and were vulnerable.
If you’ve got lazy of late its time to rethink how you upgrade and what you install. Probably time to lock down that config.php too.
And time for WordPress to let us have any files that are never called directly isolated and either moved below the root or locked away from public access.
viagra levitra review? Viagra For Sale caught selling viagra
Viagra erection duration viagra erection enhancers problems 400. Cheapest Viagra Prices generic viagra levitra regalis
viagra pages edinburgh find generic girl, Viagra Prescription Uk order phizer viagra
Viagra alcohaol viagra alcohol 20. Viagra No Prescription Uk alternative viagra uk biggest viagra case 775.
forced viagra and tied up Viagra Sale viagra free gratis