Comments on: WordPress Permalink Hack – Old Versions Watch Out! http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/ Affiliate marketing news & articles for newbies and pros by Kirsty McCubbin Thu, 19 Jan 2012 22:22:13 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Steve K http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/comment-page-1/#comment-5382 Steve K Sun, 13 Sep 2009 23:43:31 +0000 http://www.affiliatestuff.co.uk/?p=264#comment-5382 Have you pimped out Duncan's updating service yet, I have a couple of sites that need sorting?! Have you pimped out Duncan’s updating service yet, I have a couple of sites that need sorting?!

]]> By: Lee http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/comment-page-1/#comment-5348 Lee Mon, 07 Sep 2009 22:09:02 +0000 http://www.affiliatestuff.co.uk/?p=264#comment-5348 The exact thing happend to our wordpress blog the other day, the hacker also created themselves an admin account which was hidden, but Cyberbird managed to find and delete it for us, the odd thing is the hidden admin account could only be seen for a few seconds by using the 'flock' browser (never heard of it myself), using any other browser it was completely hidden apart from the number of admins showing in the Administrator link. Our wordpress version wasn't that old, it was 2.8.2 but now upgraded to 2.8.4 and are now keeping a close eye on it. Lee The exact thing happend to our wordpress blog the other day, the hacker also created themselves an admin account which was hidden, but Cyberbird managed to find and delete it for us, the odd thing is the hidden admin account could only be seen for a few seconds by using the ‘flock’ browser (never heard of it myself), using any other browser it was completely hidden apart from the number of admins showing in the Administrator link.

Our wordpress version wasn’t that old, it was 2.8.2 but now upgraded to 2.8.4 and are now keeping a close eye on it.

Lee

]]> By: PAYG http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/comment-page-1/#comment-5346 PAYG Mon, 07 Sep 2009 19:56:51 +0000 http://www.affiliatestuff.co.uk/?p=264#comment-5346 Those of you with Fantastico in your hosting account - you can upgrade your installation simply and easily. Just go to the Fantastico part of your hosting platform and hit the upgrade link. This may save you some of the hassle of changing the read/write/execute permissions via your ftp client. It would be worth locking down the permissions on your WP sites until a thorough patch is found. The permission settings in WP leave it full of holes to get locking down those 'execute' options in your ftp client! Something that I am trying to find out about is a wordpress set-up that allows you to run an installation of wordpress locally on your machine (using a WAMP server) and then export flat HTML files up to your web server.... this 'should' save your site from being exploited... (especially if the web server is set to read only). This solution is only any good for websites where you are pushing pages and posts but not allowing comments but as so many affiliates use WP as a plain CMS for pushing content this could be a good solution for some affiliate sites. Anyone no anything about 'WP save to HTML' plugins and which ones are any good? Would be great for a pointer. Those of you with Fantastico in your hosting account – you can upgrade your installation simply and easily. Just go to the Fantastico part of your hosting platform and hit the upgrade link.

This may save you some of the hassle of changing the read/write/execute permissions via your ftp client. It would be worth locking down the permissions on your WP sites until a thorough patch is found. The permission settings in WP leave it full of holes to get locking down those ‘execute’ options in your ftp client!

Something that I am trying to find out about is a wordpress set-up that allows you to run an installation of wordpress locally on your machine (using a WAMP server) and then export flat HTML files up to your web server…. this ‘should’ save your site from being exploited… (especially if the web server is set to read only). This solution is only any good for websites where you are pushing pages and posts but not allowing comments but as so many affiliates use WP as a plain CMS for pushing content this could be a good solution for some affiliate sites.

Anyone no anything about ‘WP save to HTML’ plugins and which ones are any good? Would be great for a pointer.

]]> By: Dan Harrison http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/comment-page-1/#comment-5342 Dan Harrison Mon, 07 Sep 2009 12:17:55 +0000 http://www.affiliatestuff.co.uk/?p=264#comment-5342 I run daily backups. Thanks to that, I was able to fix my website in just 1 hour. There is a lack of good and reliable backup systems, I really must look into solving that issue. Dan I run daily backups. Thanks to that, I was able to fix my website in just 1 hour.

There is a lack of good and reliable backup systems, I really must look into solving that issue.

Dan

]]> By: Kirsty http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/comment-page-1/#comment-5337 Kirsty Mon, 07 Sep 2009 07:22:28 +0000 http://www.affiliatestuff.co.uk/?p=264#comment-5337 It's easy Steve, I say "Duncan, get that Wordpress updated today" and it happens. Thanks for that heads up Dan, I checked all of my SQL Databases today and backed them all up for good measure just in case anything nasty happens in the next little while! It’s easy Steve, I say “Duncan, get that WordPress updated today” and it happens.

Thanks for that heads up Dan, I checked all of my SQL Databases today and backed them all up for good measure just in case anything nasty happens in the next little while!

]]> By: Dan Harrison http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/comment-page-1/#comment-5331 Dan Harrison Sun, 06 Sep 2009 12:16:06 +0000 http://www.affiliatestuff.co.uk/?p=264#comment-5331 My website got attacked last night, and I've been running the latest version of wordpress for ages. So just because the latest versions of wordpress are (relatively) secure, it doesn't mean your plugins are. Dan My website got attacked last night, and I’ve been running the latest version of wordpress for ages. So just because the latest versions of wordpress are (relatively) secure, it doesn’t mean your plugins are.

Dan

]]> By: Steve K http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/comment-page-1/#comment-5326 Steve K Sat, 05 Sep 2009 15:20:27 +0000 http://www.affiliatestuff.co.uk/?p=264#comment-5326 Cheers Kirsty and Jason for the warning. How do you usually upgrade your WP versions? I know you can do it in admin automatically, but always fails for me. I'm sure someone mentioned a plugin a while back. Cheers. Cheers Kirsty and Jason for the warning.

How do you usually upgrade your WP versions? I know you can do it in admin automatically, but always fails for me.

I’m sure someone mentioned a plugin a while back.

Cheers.

]]> By: Ted http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/comment-page-1/#comment-5321 Ted Sat, 05 Sep 2009 03:43:46 +0000 http://www.affiliatestuff.co.uk/?p=264#comment-5321 Thanks for the heads up Kirsty. I checked and one of my sites had been bitting by this hack. All fixed now, Thanks. Thanks for the heads up Kirsty.

I checked and one of my sites had been bitting by this hack. All fixed now, Thanks.

]]> By: Kirsty http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/comment-page-1/#comment-5314 Kirsty Fri, 04 Sep 2009 23:33:02 +0000 http://www.affiliatestuff.co.uk/?p=264#comment-5314 Thanks for that Andrew, hadn't considered that with new versions - I rarely update immediately that they are issued anyhow. I'm aware the second to last version had a security issue though. I've updated already and thankfully all seems to be fine. I don't have that much in the way of complex plugins on here, will just have to keep the internet fingers crossed its not out of the frying pan and into the fire! Thanks for that Andrew, hadn’t considered that with new versions – I rarely update immediately that they are issued anyhow. I’m aware the second to last version had a security issue though.

I’ve updated already and thankfully all seems to be fine. I don’t have that much in the way of complex plugins on here, will just have to keep the internet fingers crossed its not out of the frying pan and into the fire!

]]> By: andrew wee http://www.affiliatestuff.co.uk/wordpress/wordpress-permalink-hack-watch-out/comment-page-1/#comment-5313 andrew wee Fri, 04 Sep 2009 23:12:31 +0000 http://www.affiliatestuff.co.uk/?p=264#comment-5313 Hi Kirsty, Tks for visiting. I'd personally refrain from updating too quickly just because the new versions: 1) often contain security holes themselves 2) frequently break previously working plugins 3) plugin developers can sometimes take a couple of weeks to develop an updated plugin compliant with the new version of WP. If anything, I'd suggest looking at the version info on the Wordpress site and updating to the 2nd newest version, unless there's a security issue related. Hi Kirsty,
Tks for visiting.

I’d personally refrain from updating too quickly just because the new versions:
1) often contain security holes themselves
2) frequently break previously working plugins
3) plugin developers can sometimes take a couple of weeks to develop an updated plugin compliant with the new version of WP.

If anything, I’d suggest looking at the version info on the WordPress site and updating to the 2nd newest version, unless there’s a security issue related.

]]>