Comments on: Wordpress Redirect Hack http://www.usingwp.com/secure-wordpress/wordpress-redirect-hack/ Learn How to Use Wordpress For Fame and Fortune! Fri, 27 Aug 2010 15:04:21 -0700 http://wordpress.org/?v=2.9.2 hourly 1 By: online stock trading advicehttp://www.usingwp.com/secure-wordpress/wordpress-redirect-hack/comment-page-1/#comment-220 online stock trading advice Mon, 11 Jan 2010 06:58:54 +0000 http://www.usingwp.com/wordpress-redirect-hack/#comment-220 Hey, I read a lot of blogs on a daily basis and for the most part, people lack substance but, I just wanted to make a quick comment to say GREAT blog!.....I"ll be checking in on a regularly now....Keep up the good work! :)I'm Out! :) Hey, I read a lot of blogs on a daily basis and for the most part, people lack substance but, I just wanted to make a quick comment to say GREAT blog!…..I”ll be checking in on a regularly now….Keep up the good work! :)

I’m Out! :)

]]> By: Dave Fergusonhttp://www.usingwp.com/secure-wordpress/wordpress-redirect-hack/comment-page-1/#comment-22 Dave Ferguson Thu, 23 Apr 2009 12:00:30 +0000 http://www.usingwp.com/wordpress-redirect-hack/#comment-22 Frank, mostly it's been a nuisance. Your advice is good; my ISP also sent me some tech suggestions. One is to move config.php files to a directory outside the public_html folder (I'm not sure how WP would get to that, then). Another is to change permissions on the config file to 440, so they can't be written to.If you'd like, I can email this to you--it's technical for me, but you might want to look at it and see whether it has value for others. Frank, mostly it’s been a nuisance. Your advice is good; my ISP also sent me some tech suggestions. One is to move config.php files to a directory outside the public_html folder (I’m not sure how WP would get to that, then). Another is to change permissions on the config file to 440, so they can’t be written to.

If you’d like, I can email this to you–it’s technical for me, but you might want to look at it and see whether it has value for others.

]]> By: fthomashttp://www.usingwp.com/secure-wordpress/wordpress-redirect-hack/comment-page-1/#comment-21 fthomas Thu, 23 Apr 2009 03:45:23 +0000 http://www.usingwp.com/wordpress-redirect-hack/#comment-21 Hey Dave, Thanks for your comments and I'm sorry to hear your predicement. What your problem is, is you have a security hole in your wordpress installation. Even if you've restored your wordpress install from a backup, you still have to repair the hole. Things to look at are:- your ftp password. Make it complex. I just finished repairing a hack of over 30 wordpress sites where the intruders hard cracked my ftp password through guessing. Took them several weeks, (found out after from my hosting agent), but they did crack it. Choose a hard long random password. - check your wordpress passwords. The biggest security hole is one, the admin password is easy to crack and two your password is easy to crack. - upgrade to version 2.7.1 on your wordpress blog. I'm thinking that you are still running 2.7 and 2.7.1 does fix some security issues. You can very easily upgrade from the admin console.And if all else fails, send me a message and I can offer my help to you.Frank Hey Dave, Thanks for your comments and I’m sorry to hear your predicement. What your problem is, is you have a security hole in your wordpress installation. Even if you’ve restored your wordpress install from a backup, you still have to repair the hole. Things to look at are:

- your ftp password. Make it complex. I just finished repairing a hack of over 30 wordpress sites where the intruders hard cracked my ftp password through guessing. Took them several weeks, (found out after from my hosting agent), but they did crack it. Choose a hard long random password.
- check your wordpress passwords. The biggest security hole is one, the admin password is easy to crack and two your password is easy to crack.
- upgrade to version 2.7.1 on your wordpress blog. I’m thinking that you are still running 2.7 and 2.7.1 does fix some security issues. You can very easily upgrade from the admin console.

And if all else fails, send me a message and I can offer my help to you.

Frank

]]> By: Dave Fergusonhttp://www.usingwp.com/secure-wordpress/wordpress-redirect-hack/comment-page-1/#comment-17 Dave Ferguson Thu, 23 Apr 2009 00:28:16 +0000 http://www.usingwp.com/wordpress-redirect-hack/#comment-17 I have what I think is a related problem. When I access my blog, I see at the bottom of the browser window attempts to contact 94.247.2.195, an address registered in Latvia.I'm not in Latvia.I do not have the redirect plugin, so that's not the cause. However, I found over a dozen php and html pages on my blog that had code inserted into them last Sunday. I think this is what's causing the redirect attempts... but I don't know.Fortunately I did a complete backup of the blog (including all the WP files) six weeks ago or so, in addition to my weekly backup of the posts, so I can overwrite. I'm just wondering how this happened, and how to keep it from happening again. I have what I think is a related problem. When I access my blog, I see at the bottom of the browser window attempts to contact 94.247.2.195, an address registered in Latvia.

I’m not in Latvia.

I do not have the redirect plugin, so that’s not the cause. However, I found over a dozen php and html pages on my blog that had code inserted into them last Sunday. I think this is what’s causing the redirect attempts… but I don’t know.

Fortunately I did a complete backup of the blog (including all the WP files) six weeks ago or so, in addition to my weekly backup of the posts, so I can overwrite. I’m just wondering how this happened, and how to keep it from happening again.

]]>