How safe is
-
People from a Weebly blog called bin leaks have hacked many WordPress sites. They have run Chaos. Please, Please, Please HELP!
-
The question you need to address is: Who, aside from you, has access to your login information?
If any person or any bot gains access to your blog then you have provided them with the ability to do so either deliberately by adding them as official users, or by allowing them access to your computer and/or login information, or unintentionally by posting content that makes it easy for them to guess what your log-in information is.
Go to your email program and change the password to a very difficult one because that’s how many hackers gain access to blogs.
1. If you can log in, go here > Users > All Users and delete any user that does not belong there.
2. Disable post by email > http://en.support.wordpress.com/post-by-email/
3. Disable post by voice > http://en.support.wordpress.com/post-by-voice/
4. Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password
5. Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages,” and click Save Changes.
6. Set up two step authentication http://en.support.wordpress.com/security/two-step-authentication/
Then read this please knowing that blogs don’t get hacked when security protocols are followed. > http://en.support.wordpress.com/security/
-
Those hackers will do anything to destroy our blogs. The awful thing is that their blog is on Weebly, not WordPress! Blogs like weeklyweevilblog.wordpress.com have been completely deleted!
-
Yes, by people with admin access. Don’t make anyone else an admin and make sure your blog and email have very strong passwords that are regularly changed and you will be immune to such hacks.
I cover hackers for a living. If you make someone untrustworthy an admin of your site, you deserve to lose it for being gullible.
-
It appears in this case that the hackers from binleaks.weebly are using a brute force hacking program.
My own fan blog is one of those hit recently. I’d exported my XML quite recently, so I was luckier than some.
-
Please allow me to draw attention to what I stated above. Anyone who follows security protocols will not be experiencing their blog being hacked. When it comes to kids like penguins, weevils etc. they do not always follow security protocols. They are at least gullible and at most stupid. There’s nothing more to say here except, stop spreading paranoia please and ensure you have taken all the recommended security steps.
-
Brute force hacking? Doubtful, extremely doubtful that this would work on a WordPress.com blog. I covered the WP brute force hack as a reporter for the Daily Dot, and since your usernames are not “admin” or similar, you are not at the risk WP.org installs are at.
Make your password twenty characters long, downgrade all admins but yourself to Editors, and change your email password. You will be safer.
-
And for brute force methods to work – the ability to try many passwords needs to be possible, I would be surprised if WordPress.COM does not have safeguards in place against an infinite number of guesses.
A forum I post to from time to time had my login disabled one time, seems some goof did not remember their user name and tried to brute force the wrong name (mine) and after a few times the system disabled the login completely for my user name, I had to then go through the Admin to have things reset.
-
It does have limitations on the number of attempts that can be made.
Every time I see a children’s game site like this that gets hacked, I think of chewy, who was a criminal who preyed on Club Penguin sites. He got people to trust him, was made Admin, and then destroyed their blogs if they didn’t pay him. He also destroyed blogs so that his own blogs would have no competition, and would make more money for him.
Always, always, assume it’s your admins if you have more than one. Downgrade them all to editors; good friends will understand.
-
Then there were the kids’ sites that had “banners” to other sites, the “banners” were really ads, the pay per click revenue did not go to the kids, but to the scam artist that gave the banners out. The kids were warned but had been told that they were “banners” not ads, some even to the point of changing wording in the sidebar to “banners” – but in the end many sites were suspended for ads.
So as @RC says above – be very careful what you put on your blog as well as who has access to it.
-
I have done everything I should. The hackers themselves named the programme they are using. I am not trying to spread panic! Just trying to get the XML to download!
-
-
judisue
gul·li·ble
adjective
1. easily persuaded to believe something;
stu·pid
ˈst(y)o͞opid/
adjective
1. lacking intelligence or common sense.
I stand on what I said above. Without doubt I have met both gullible and stupid kids, who failed to follow security protocols and who were all over these forums bawling their eyes out and so have the other Volunteers. I have no crying towels to hand out. I am into tough love and I don’t cotton to anyone attempting to use passive aggressive manipulative techniques on me. Every little snowflake needs to get smart and heard-edged about blog security or their blogs will be melted down by opportunists who suck they in.
-
edit: hard-edged about blog security or their blogs will be melted down by opportunists who suck them in.
-
Look, I report on hackers for a living. I am an administrator at 2600 (you don’t know what that means, but hackers do). Follow the advice we have given you and stop wailing that the big bad hackers are inevitably going to get you. If it’s inevitable, why bother trying to stop them? If you want to stop them, follow our advice.
Make your password twenty characters long, downgrade all admins but yourself to Editors, and change your email password.
-
Timethief, that is unnecessarily rude! I don’t see a need to get personal!
I’ve already got all my security up to date but I’m passing on all this stuff to the kids – about strong passwords and not being too trusting.
These forums are supposed to be for everyone and I certainly don’t feel welcome!
Needless to say, my export file still won’t download, so I still can’t take that last – WordPress recommended – step to protect the content the children have worked so hard to create.
-
I would like to draw Timethief’s attention to the text below the comment box, which reads:
“We love positive and productive discussions, so please keep comments on the topics at hand and not on other members of the community. Thanks!”
-
This has gone too far!
Visit my new site called ‘Save Bin Weevils’ to learn how to protect your blog from those childish hackers!
-
At WordPress.com we take our users’ security and privacy very seriously, and true hacking is rare.
To build an additional level of protection, recently we began recommending our users set up two-step authentication, to make it significantly more difficult for someone to gain unauthorized access to a blog:
With all that having been said, if you suspect your WordPress.com blog has been hacked, please note that in almost every case this is due to a third party gaining access to your account login information or your associated email account. These things happen most frequently when someone uses the same password on multiple sites or uses a weak or easily guessed password. It also is common when people share computers or have access to non-password protected machines.
If you believe your WordPress.com account has been compromised, please do the following:
1) IMMEDIATELY change your WordPress.com password as well as the password to the associated email address.
2) Check to see if content has been deleted, and if so, you can restore it from the trash if it’s still there.
3) Notify us privately via email so we can look into the matter for you. Include in your email as many details as you know, including specifics on what has been altered or deleted.
It is also important to note that at WordPress.com we have no control over sites that are hosted on other hosting providers and running the free software from WordPress.org. In those cases, you will need to contact your own hosting provider or seek out private WordPress consultants to regain access to your site or restore your content.
-
A few days ago I read an article in the newspaper that said WordPress is one of the most hacked blog making websites as it has very little protection.