WordPress.com Hacked (Again)

Anytime a user’s email account or web site gets hacked, it’s seemingly always the user’s fault – never the service provider’s fault. Or so we’re led to believe – full transparency is rarely a strong point of Internet service providers.

So, I’ll climb on the kudos bandwagon (with some reservations) and congratulate WordPress for coming clean on yesterday’s low-level server hack.

From WordPress:

Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.

Our investigation into this matter is ongoing and will take time to complete. As I said above, we’ve taken comprehensive steps to prevent an incident like this from occurring again.

It’s not my intent to castigate WordPress, but they don’t get away entirely free. Looking back to June of last year, following a hack in one of my Gmail accounts, I made the following points.

………………. I am certain of this – ANY website, or service, can be hacked.

What I find very annoying is, Gmail, WordPress, and others simply refuse to acknowledge that vulnerabilities exist in their systems – especially WordPress.

Listen up WordPress – if the Pentagon can be hacked, and it has been, frequently, then WordPress is definitely NOT invulnerable to hacking – despite your assurances to the contrary.

If you run a WordPress.com site, here’s Matt Mullenweg’s advice:

Based on what we’ve found, we don’t have any specific suggestions for our users beyond reiterating these security fundamentals:

  • Use a strong password, meaning something random with numbers and punctuation.
  • Use different passwords for different sites.
  • If you have used the same password on different sites, switch it to something more secure.

I’ll throw in my own unvarnished advice: If you use the Internet, expect to be attacked – on all fronts.

In the past, when I’ve taken issue with WordPress (always based on their self-declared invincibility to hacking), I’ve dealt with several reader comments which attempted to make the point that perhaps I was an ungrateful cur – after all, WordPress provides a free service. The reality is somewhat different.

My association with WordPress is the very definition of a symbiotic relationship – they provide the service free – I provide good content – they advertise based on my content – they make $$$$$$ – lots of $$$$$$.
