#1 OsmosisStudios, 03-08-2011, 03:42 AM
Using WordPress?

You might not want to.

I've never liked WordPress, and I've especially never liked the concept of using someone else's "theme" as the brand for my website. But this shows that the themes you may or may not be using could be more malicious than you might think.

Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else | WordPress News at WPMU.org

#2 dlambert, 03-08-2011, 04:09 AM

Thanks for the link. When you read the article, be sure to also pay attention to the part where there's an easy way to check any themes you might be using for the sorts of exploits discussed.

Mine checked out just fine, by the way.

#3 BuddhaPi, 03-08-2011, 11:45 AM

Also, besides addressing the issues mentioned in the above link, WordPress should NEVER be installed using the default settings; hackers know exactly what and where these directories are. A little extra file editing will go a long way in securing your WordPress. I also suggest adding a second layer of protection via htaccess using a completely different username/password; this can easily be done either manually or look in your hosting control for an option to protect directories.
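
The htaccess "second layer" suggested in post #3, written out as an added example that is not part of the thread. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled for the site; the credential file path and realm name are placeholders.

```apache
# ---- File 1: wp-admin/.htaccess --------------------------------------
# Added example, not from the thread.
# Assumption: /home/example/.htpasswd-wpadmin is a placeholder path. Keep
# the real file outside the web root so it can never be downloaded.
# Create it with a username/password that differs from every WordPress
# account:  htpasswd -c -B /home/example/.htpasswd-wpadmin <username>
AuthType Basic
AuthName "Restricted area"
AuthBasicProvider file
AuthUserFile /home/example/.htpasswd-wpadmin
Require valid-user

# Themes and plugins call admin-ajax.php on behalf of logged-out
# visitors, so exempt it from the prompt or front-end features break.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: .htaccess in the WordPress root -------------------------
# wp-login.php lives in the site root, not in wp-admin, so the block
# above does not cover it. Protect the login form with the same
# credential file.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted area"
    AuthBasicProvider file
    AuthUserFile /home/example/.htpasswd-wpadmin
    Require valid-user
</Files>
```

Basic auth sends the credentials with every request, so serve these paths over HTTPS only.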

#4 OsmosisStudios, 03-08-2011, 02:17 PM

Both valid points: the thing is that WordPress is used and recommended for use by/to people with little/no web design or development knowledge.

#5 Biomech, 03-08-2011, 02:18 PM

I think this came up last month :P
I always get my themes from somewhere like templatemonster, then I hack and customise them. You can also get a plugin for WP that scans the install and highlights any problematic areas.

#6 BuddhaPi, 03-08-2011, 02:25 PM
Quote:
Originally Posted by OsmosisStudios
Both valid points: the thing is that WordPress is used and recommended for use by/to people with little/no web design or development knowledge.

Also a good point... some people see FREE and figure why not, problem is nothing is FREE there is always something something somewhere... I recommend WordPress all of the time, but I also recommend the hiring of my services to install / secure the site especially to those with no experience... kinda like having your cousin photograph your wedding on the cheap, you'll get what you pay for every time!

#7 BigFuzzy, 03-08-2011, 03:38 PM
Quote:
Originally Posted by Biomech
I think this came up last month :P
I always get my themes from somewhere like templatemonster, then I hack and customise them. You can also get a plugin for WP that scans the install and highlights any problematic areas.

What plug in is that? I'd like to check it out (though I'm pretty sure I'm safe as mine was not free and I hacked the sh!t out of it).

#8 BuddhaPi, 03-08-2011, 03:54 PM
Quote:
Originally Posted by BigFuzzy
What plug in is that? I'd like to check it out (though I'm pretty sure I'm safe as mine was not free and I hacked the sh!t out of it).

Try this one sir

#9 Biomech, 03-08-2011, 08:18 PM
And/or:

WordPress Exploit Scanner