WordPress Blogs Suffer from a Mass Compromise

Let's start our week with news about security vulnerabilities in WordPress blogs. WordPress is one of the most used blog scripts out there, including on free multi-site blog hosting. If you are using the WordPress blog script, you need to read this article to make sure that you're free from malware.

"Mass compromises have not been in the news of late but a new wave recently hit the headlines. According to news reports, users running the popular blogging platform WordPress have been hit with an attack that modifies a setting within the application that contains the URL of a blog.

In compromised sites, this setting is changed to point to a malicious website. This redirects all would-be blog readers to the said website, which contains scripts leading to a malicious file detected by Trend Micro as TROJ_BUZUS.ZYX." (2010, Trend Micro)

"Mark Jaquith’s good rule of thumb is “the most restrictive permissions that still work.” File permissions vary from server setup to server setup. Generally, “644” is recommended for wp-config.php. For public_html, it is usually 755." (2010, Network Solutions). I agree: the 755 folder and 644 file permissions should be in place before you roll out your blog.

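One way to check a WordPress tree against the 755 folder / 644 file baseline above, as an added example that is not part of the original post or the quoted sources. The function names `audit_wp_perms` and `fix_wp_perms` and the path in the usage comment are hypothetical; the audit flags only modes looser than the baseline, so tighter ones still pass under the "most restrictive permissions that still work" rule.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 755/644 baseline.
# Only bits looser than the baseline are reported; tighter modes
# (for example 600 on wp-config.php) pass.
# Usage (hypothetical path): audit_wp_perms /var/www/public_html

# List paths that exceed the baseline.
# Returns 0 if clean, 1 if anything was found, 2 on bad input.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Files: group/other write or any execute bit is more than 644.
        find "$root" -type f \( -perm -020 -o -perm -002 \
            -o -perm -100 -o -perm -010 -o -perm -001 \) -print |
            sed 's/^/file looser than 644: /'
        # Directories: group/other write is more than 755.
        find "$root" -type d \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/dir looser than 755: /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Reset the whole tree to the baseline: directories 755, files 644.
fix_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d -exec chmod 755 {} + &&
    find "$root" -type f -exec chmod 644 {} +
}
```

Run the audit again after any plugin or theme install, since installers and manual uploads can leave files group- or world-writable.
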
Cheers for now.

