Back in April, news broke of a number of WordPress-powered sites being compromised and redirecting visitors to malicious sites. At that time the problem seemed to be limited to Network Solutions shared hosting customers, but more recently similar exploits have been encountered by GoDaddy customers. At this point it seems that not only WordPress but also other PHP-based software, such as ZenCart and Joomla, and static HTML websites have been compromised.
I’ve been keeping an eye on this story, and when I saw that the ExplictWeb Podcast were interviewing WordPress contributing developer Andrew Nacin I asked, via Twitter, if they could get his comments on the issue. Sadly there was not enough time to get his response on the show, but he kindly replied to my question on his blog.
Andrew points out that Network Solutions have already owned up to the fact that it was their fault and nothing to do with WordPress, saying the problem was due to a ‘complex combination of factors’. In a later post they explain more fully what the attackers did, and I hope we also see the results from the security analysts working on the problem, showing which misconfigurations or weaknesses were exploited.
For those who run websites, it might be time to think about the quality of your hosting. Shared hosting solutions are cheap, but it is hard to balance low cost with security and performance.
