Wordpress Security Issues

I am stepping outside of the topics of SEM and SEO to briefly speak about the 1000’s upon 1000’s of self-hosted Wordpress blogs that are being hacked all over the internet.

Wordpress seems to be the new “Windows” - it has a large enough installed user base and enough back-end vulnerabilities to become a favorite target of hackers and spammers. Add to that the number of new users, who may not be doing what they need to protect their databases and you have a recipe for disaster.

Most of the fixes are well beyond the scope of this blog. However, if you are mysql and php literate, you may want to start with this post at the wordpress.org forums and read Doncha’s post on Did Your Wordpress Site Get Hacked?

If you haven’t been hacked or do not know if you have, the best thing to do is to update to the latest version of Wordpress. Also, I highly recommend the Wordpress Security Scan plugin by Michael Torbert at SemperFi Webdesign. The plugin is free and open-source and it will help you find and correct many Wordpress vulnerabilities. In my case, I ran the “Scan” function and found that several of my folders had incorrect permissions. Since I changed the permissions, my blogs seem to be spam free (knock on wood).

Here’s a great blog post on 11 ways to secure your wordpress blog.

Be well and stay safe! - Ryan