Has Your WordPress Blog Been Hacked?

This is a guest post by Simon Ward, founder and author of Pingable.org. You can find him on twitter @Pingable. I have been blogging with WordPress since 2007. It’s a fantastic platform with a huge variety of plugins and themes which allow for a fantastic experience for you and your readers. However, if you follow…

WordPress Security Threats – Jun/2012

June’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the Sucuri free scan tool. Sucuri was fairly quiet on WordPress security threats in June,…

WordPress Tutorial: Using SSH to Install/Upgrade

This tutorial will guide you step by step on how to setup your server so you can install new plugins and upgrade existing plugins using an SSH2 layer in PHP and WordPress. What is WordPress? WordPress started in 2003 with a single bit of code to enhance the typography of everyday writing and with fewer…

How to Stop the Hackers – WordPress Security

Tony Perez, COO & CFO of Sucuri, posted a great tutorial and write-up about how to harden WordPress. Why bother hardening WordPress? Stop the hackers. Tony discusses how to effectively use your .htaccess file — password protection, denying a visitor by IP address, hot link protection and more. He also goes over how to securely…

Password Security in the Year 2012

Recent events, including the password breach at LinkedIn and eHarmony, have been getting worse and worse. Whether it’s AOL accidentally releasing search data on 500,000 people, or Gawker’s in-house CMS getting hacked and exposing passwords to 1.3 million users, security is becoming a hot topic. The core developers of WordPress agree that security should be…

WordPress Security Threats – May/2012

May’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the Sucuri free scan tool. Between both Sucuri and PacketStorm, May was an extremely busy…

WordPress Security Threats – Apr/2012

April’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the Sucuri free scan tool. Between both Sucuri and PacketStorm, April was a busy month…

CodeGuard: WordPress Backup and Threat Protection

CodeGuard is a new WordPress backup and security service that feels like a user-focused VaultPress+Sucuri mashup. The backup aspect of it lets you manage a complete backup, all the nuts and bolts of an entire site. All the core WordPress files, the database — including the users, posts, tags, categories, and even custom post types.…

WordPress Security Threats – Mar/2012

March’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the Sucuri free scan tool. It was a pretty quiet month for security issues with…

WordPress Phishing Scam

There was an accident recently, where users received emails that look like they’re from the official WordPress site. But alas, phishing is nothing new, but still something to be conscious of. Here’s what @Nacin had to say: We’ve received reports of phishing attempts using domain wordpress-dot-org-dot-org and wordpressplugins at hotmail.com. Be alert! — Andrew Nacin…

WordPress Security Threats – Feb/2012

February’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. It was a pretty quiet month for security issues with WordPress, thankfully.

WordPress Security Threats – Dec/2011

December’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. WordPress Pretty Link 1.5.2 Cross Site Scripting Google reCAPTCHA WordPress Cross Site Scripting WordPress UPM-POLLS 1.0.4 Blind SQL Injection WordPress Facebook Page Promoter Lightbox…

WordPress Security Threats – Nov/2011

November’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. WordPress Zingiri 2.2.3 Code Execution WordPress Jetpack SQL Injection WordPress Lanoba Social Cross Site Scripting WordPress Advanced Text Widget Cross Site Scripting WordPress Alert…

TimThumb – Did you get hacked?

A couple days ago, I got an alert from my webhost that they had rebooted my server (I run Storm on Demand by Liquidweb). Their 24/7 monitoring team noticed high memory and CPU usage, and acted quickly to resolve the issue. I had no idea anything was happening, this all happened behind the scenes. So…