I also go way beyond wordpress by offering an additional script that can help secure your entire site and not just wordpress.

Unless you have 15 years of coding under your belt your suggestion does not mean anything. People that listen to those that do not know what they talk about is the reason why those people get hacked.

James

I’m sorry to hear that. You know, WordPress is secure if properly secured. Of course, this isn’t a one-time thing, but the bulk of the process is, and the rest is easy to keep up.

I’ve produced a video, a 10 tips how-to, and wondered if I may link to it from here? If that’s not cool I understand, but here is a link for your perusal.

Video How-to: 10 Tips To Make WordPress Hack-Proof …
http://guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/

Anyhow, hope that helps someone.

Cheerio.

This might help: Maximum Security for WordPress – Keeps WordPress Secure

BTW: I’ve seen a copy of “WordPress Secured” sold by mass-marketer James Stein (link to his name in the previous comment listed above) and in my opinion it’s not the way to secure WordPress, plus it creates a real pain when you need to upgrade WordPress. I’d advise people to not use it – especially if you’ve already upgrade to WordPress 2.7.

Using proper solutions will cut down the chances of hacking greatly..

James

I would agree though anytime you have something popular that’s what the hackers like. And I don’t believe that any script is perfect or hacker proof. Some certainly do a better job than others though.

I know of a couple of other sites that were hacked, probably because they were slow to upgrade (college newspaper site among them). Not sure of the solution, but most of us don’t have the mad skillz to write our own blogging app.

Great questions. It would be interesting to know the setup of WordPress installations that get hacked.

Certainly a Web site is a lot like a car. Any car can get hacked, but attackers tend to prefer the low-hanging fruit.

If it was 777, a welcome doormat reading “hack me” was basically put out. Not to mention that his wp-config.php should have been set to read-only.

Unfortunately WordPress makes it easy to install without going into security details.

I’ve used WordPress for a past version of my personal site, but switched to Movable Type because I was more familiar with the templating. I’m now running on my own blogging app in Django.

This post is just a thought, because WordPress very well might be the most secure blogging platform available. There are several issues that could lead to someone’s blog going down. One I would look to would be plugins. Even if WordPress is secure, there could be issues with certain plugins.

Also, Marc brings up a good point about hosting providers. Not all hosts are created equal, and I see a lot of complaining on Twitter about hosting.

Matt, what host were you using when your database got hacked? I wonder what host MultimediaShooter.com was on as well? I’m considering getting another host if and when I launch a for-profit blog (nothing like this blog).

Obviously, WordPress is going to be a target since it is so high profile. Maybe it is just a weird coincidence that both blogs went down in a week. I don’t know, but I do know I’m sticking with WordPress for the forceable future.

Maybe we need to make a list of hosts that do secure their hardware and that are worth paying for each month?

2.4 has never been released, nor will it be. The decision was made to skip the 2.4 branch and concentrate on the 2.5 release (which was due on 3/10 but now delayed at least a week.)

I can’t argue with Matt’s logic, but jumping to the arcane as a security measure seems a little extreme, and potentially self-defeating.

Yes, WordPress has had it’s security issues… but they are always addressed quickly. I daresay that PHP, the language that WordPress was written in, has had far more issues. The same goes for Linux and Apache and good Lord, IIS for a long time was a hacker whore.

Its an administrator’s roll to insure that patches are applied in a timely manor. This applies to Blogger, MovableType, WordPress, Drupal, or what the heck ever as well as the underlying OS. It’s why we make the big bucks (when compared to Journalists).

Frankly I’ve seen a number of high profile Journalism blogs — yes including JI — that have run outdated versions of WordPress for months on end. This isn’t WordPress’s fault.

The latest version of WordPress is 2.3.3, are you running it?