• Roar

    (@rori)


    Someone posted this article:
    https://www.sencer.de/article/321/wordpress-textpattern-and-security

    And I did find something, it was related to CSRF. I wrote the general idea up an entry1 and a follow-up to it2. Of course with no mention of any specific software. In a Nutshell: I could have tried to delete entries on your weblog, just by you viewing this page – no matter your browser-vendor or settings. The success would not have been guaranteed, since it would have required that you had to be logged in to your site, or using the auto-login-feature – that however is not a rare condition. IMHO this was a pretty serious issue.

    It appears to be something of the Cookie Grabber genre, but I am just wondering if this is a hypothetical issue, is it restricted to IE since that browser has so many holes in it anyway?
    What concerns me most about this is the inability to backup.
    Help?

Viewing 8 replies - 1 through 8 (of 8 total)
  • masquerade

    (@masquerade)

    In short, yes, WordPress is still a target of these vulnerabilities. Should you be worried? Not necessarily, because attacks are very unlikely to be targeted at you. If you’re still worried, then backup.
    WordPress doesn’t lack the ability to backup, it simply expects the user to have their own method of backing up, since backups are so easy to generate today, especially with software like phpMyAdmin.

    charle97

    (@charle97)

    your hosting provider should have the information you need to backup your site.

    Anonymous

    Yes, of course WP allows hacking. The developers have been very careful to ensure that anybody with even the smallest amount of knowledge can get into your site and totally destroy it whenever they feel like it. At the same time, WP has code that hackers can use to steal your passwords, credit card numbers, and all of the serial numbers for your installed software. It will also steal your driver’s licence number, phone number, and the keys for your car. Then, the code will paint your neighbor’s house pink, after erasing their hard drive and replacing all of the bookmarks for their browser to pr0n sites. It will then call your veterinarian and make an appointment to have your spouse spayed or neutered, and make reservations to 22 consecutive showings of Celine Dion in concert in Las Vegas.
    Then, with a special plugin, WP can be hacked to cancel your garbage pickup, stop your mail, and send all of your email addresses and your entire address book to every spammer database in the world.
    Other than that, however, WP is pretty secure.

    Kafkaesqui

    (@kafkaesqui)

    Well, at least it doesn’t seem to keep you from backing things up…

    Thread Starter Roar

    (@rori)

    ROTFL!
    Is there a plugin for walking the dog?

    Anonymous

    “replacing all of the bookmarks for their browser to pr0n sites”
    No need to replace anything that’s already there.

    Anonymous

    The only WordPress hack I ever perpetrated was on the opensourcecms site, where I created two categories that were each other’s parent.
    I wonder if that’s still possible in 1.3….

    Moderator James Huff

    (@macmanx)

    Here are some backup/restore instructions for WordPress: https://www.tamba2.org.uk/wordpress/backup/

  • The topic ‘Does WP allow hacking?’ is closed to new replies.