WordPress Websites and Blogs get hacked. All Content Management (CMS) and other Website software gets hacked and as WordPress is so incredibly popular it makes sense that WordPress Sites will be hacked. Fortunately WordPress is actually very secure against malware and hackers. I offer services where I assist people and organizations to recover from hacked WordPress Sites so have seen all sorts of ways that Sites get hacked. Today however I came acroess a hacked Site with a new ‘footprint’.
The client had received an email from Paypal saying that his Site had been compromised. The Website was now being used as a ‘phishing’ Site to get information from Website visitors and maliciously send that information to a 3rd party (the hacker). My clients Site had also been identified by Google Chrome, Internet Explorer, Firefox and others as a malware and phishing Site.
I’m not going into the various technical details of the compromise save to say that it had the hallmarks of a SQL-injection or some other Mysql database compromise. My suspicion is that the Webhost unwittingly allowed access to the hacker through, possibly, unpatched or not updating PHP.
I don’t believe that WordPress itself was the method used by the hacker to compromise the Site. Unfortunately sometimes Sites get hacked no matter what CMS or software used!
Posted from WordPress for Android