Wordpress has some SERIOUS (security) issues
September 13, 2008
Everyone I network with uses WordPress. Sure, there are some TypePad and Movable Type users here and there, but WordPress is the most search-engine friendly, the easiest to install, and the plugins are great.
Wordpress is by far the best. Hands down!
In the past 6 months I have gained a little insight into the world of hackers and realized just how easy it is to hack ANY blog that uses the platform.
Matt Mullenweg has said that much of the blame lies with the plugins, which he says are vulnerable, and he may have a point. But the truth is that even though he has a team working on better ways to prevent hacking, it keeps happening more and more.
Just last night a friend contacted me about a bunch of pill links in his footer. The hackers created pages such as http://www.blithewold.org/blog/?online=143 and many more on that blog, because it has some authority status. Google reads that blog as part of that site and gives it credibility. The hackers then hack other blogs and plant incoming links to those pages and, believe it or not, the pages rank quickly for related terms and the hacker profits.
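As an added example (not code from the original post), here is a small checker a blog owner could run over a saved copy of a page to spot the kind of hidden or pharma-themed footer links described above; the spam-term list and the sample footer are constructed, and the URLs in it are placeholders.

```python
from html.parser import HTMLParser

# Terms typical of injected pharma/SEO spam links (constructed list, not from the post)
SPAM_TERMS = ("viagra", "cialis", "pills", "pharmacy", "online=")
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}  # tags that never close

class LinkCollector(HTMLParser):
    """Collect each <a href> with its text and whether an enclosing element hides it."""
    def __init__(self):
        super().__init__()
        self.links = []   # (href, text, hidden) tuples
        self._stack = []  # one 'hidden' flag per open element
        self._cur = None  # link currently being read
    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        # hidden if styled away, carrying the hidden attribute, or inside a hidden parent
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or "hidden" in a or bool(self._stack and self._stack[-1]))
        self._stack.append(hidden)
        if tag == "a":
            self._cur = [a.get("href") or "", "", hidden]
    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data
    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self._stack:
            self._stack.pop()
        if tag == "a" and self._cur is not None:
            self.links.append(tuple(self._cur))
            self._cur = None

def find_spam_links(html):
    """Return links that are hidden from visitors or whose href/text carry spam terms."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text, hidden in parser.links:
        blob = (href + " " + text).lower()
        if hidden or any(term in blob for term in SPAM_TERMS):
            findings.append({"href": href, "text": text.strip(), "hidden": hidden})
    return findings

# Constructed footer resembling the injected "pill links" described in the post
SAMPLE_FOOTER = """<div id="footer"><p>&copy; 2008 Example Blog</p><br>
<a href="http://example.com/about">About</a>
<div style="display: none"><a href="http://blog.example.org/?online=143">cheap pills online</a></div>
<a href="http://example.net/pharmacy">buy viagra</a></div>"""
```

Running `find_spam_links(SAMPLE_FOOTER)` reports the two injected links and skips the legitimate "About" link; a link that is visible but points at a pharmacy page is still caught by the term match.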
As time goes by, more people will jump on that bandwagon and learn how to do it.
Every week I get more and more pings from people who have been hacked.
My hope is that Matt will hire new people to help him control the issue. Skilled hackers: people with an analytical mind who test for new vulnerabilities rather than wait for the next wave of attacks.
Even if plugins are vulnerable, there are ways WordPress itself could guard against that danger.
With so many high-profile sites using WordPress, the payoff for hackers is great financial gain.
Matt, I hope you will see that this can become an even bigger issue in the future with all of the high-profile bloggers using your platform.
Hijacking an authority site guarantees you traffic; how much depends on the domain the blog is hosted on.
As long as Google continues to give credibility to certain domains, and as long as WordPress remains as vulnerable as it is, the worst is yet to come.
Get some highly skilled hackers to work for you, Matt, and make your platform the best in terms of security as well.
Look at the code of this cache and see for yourself.
The consequences of a hacked site can include a loss of Google rankings, your hosting company being alerted and taking your sites down until you explain what has happened (depending on the company you are with), and possibly a ban by Google that takes your blog out of its index. It can cost you time, money and headaches. If you have examples, feel free to leave them as a post to help press the importance of doing more to keep our blogs safe.
“My hosting is secure.” “I never get hacked.” Whatever you may think, if you are using WordPress, you are subject to this. Your hosting can be safe, but through the platform or the plugins you will be accessible, and you might wake up one day and realize you no longer get traffic from Google. I personally have no desire to get away from WordPress, but we need a stronger security system, one that anticipates upcoming tricks rather than fixes things after a lot of damage has already been done to many more blogs.



I’m not sure if I completely agree with you.
Basically, reckless installation of poorly written plugins is the main problem, and you can’t really blame Wordpress for that. Maybe one should rather have some stricter quality control of the plugins posted on the Wordpress site. At the very least, run them through some automated SQL injection/XSS/etc. tests.
Although I do agree with you that some more filtering could be applied to try to minimize the damage of hazardous plugins.
“Maybe one should rather have some stricter quality control of the plugins posted on the Wordpress site”
Or at least have a warning label of some sort attached saying
“This plugin has not yet been tested for internet security”
or something to that regard.
~ Mike