57
Responses
Comments
Trackbacks/Pingbacks
-
[…] (Vulnerable WordPress Blogs Not Being Indexed > Massive Blog Hackery Exposed > TailRank Exposes Massive Number of Blogs Hacked) It seems like if you’re running WordPress, it’s advisable to upgrade to 2.5 (which was relatively painless) as well as checking the actual code of your theme… […]
-
[…] tools collection are also running an article “Vulnerable WordPress Blogs Not Being Indexed” which goes on to say “Technorati is just the beginning. If your blog has spammy links, […]
-
[…] hat es WordPress wirklich geschafft: Einerseits weigert sich Technorati, alte Versionen in den Index aufzunehmen, und andererseits ist die aktuelle Version sowas von kaputt und mit vielen Browsern so unbedienbar, […]
-
[…] das Opfer das Template aktiviert. Siehe dazu “Massive Blog Hackery Exposed“, “Vulnerable WordPress Blogs Not Being Indexed” und “Blog Hacks Coming Back to Roost? “. Artikelzusatzinfos 1. Tags: blog […]
-
[…] Under : hacks, indexing, wordpress, WP2.5 Weblog Tools Collection » Blog Archive » Vulnerable WordPress Blogs Not Being Indexed Vulnerable WordPress Blogs Not Being Indexed: Technorati has decided to not index vulnerable and […]
-
[…] Weblogtoolscollection […]
-
[…] Geek Ramblings & Weblog Tools Collection] WordPress articoli correlati: WordPress 2.5WordPress 2.1.3cforms II in italianoInside Plugins: […]
-
[…] everyone be aware of some security issues with older WordPress versions. I have even seen first hand an attacked site. The lesson here is to […]
-
[…] vulnerables de WP dejarán de ser indexados por su buscador. Esto se traduce, como comenta Mark Ghosh en la marginación de todos aquellos blogs que corran sobre versiones anteriores a la 2.0.11, que […]
-
[…] Vir Tags: WordPress Odzivom lahko sledite skozi RSS 2.0 feed. Lahko pustite odziv ali sledilno povezavo s svoje spletne strani. […]
-
[…] ???????wordpress? […]
-
[…] not to upgrade can have some serious consequences for your site, and one of those is being taken out of the Technorati indexation because your blog […]
-
[…] out Vulnerable WordPress Blogs Not Being Indexed for further reading. If you have WP 2.5 you can also find the link on your dashboard. […]
-
[…] you don’t upgrade your copy of WordPress, you’re at risk of being left out of the Technorati blog index as well as other services feeding off […]
-
[…] There are many languishing installs that are currently succumbing to hackers and spammers and losing their status in search engines because of it. Problems like that can hurt non-profits like us who rely on a low-cost web presence to promote […]
-
[…] Weblog Tools Collection » Blog Archive » Vulnerable WordPress Blogs Not Being Indexed (tags: Technorati, blogging wordpress web blog) […]
-
[…] affecting WordPress blogs and indexing services, like Technorati, are starting to react. Mark Ghosh over at the Weblog Tools Collection and Dougal Campbell at G33k Ramblings both wrote about an announcement from Technorati, one of the […]
-
[…] mengupgrade wordpress ke version 2.5 (terbaru) Technorati tidak akan mengindex blog anda jadi ini saatnya bagi Anda untuk mengupgrade instalasi WordPress. Kira kira seperti ini pengumuman yang dikeluarkan oleh pihak Technorati : Karena masalah ini […]
-
[…] been running this blog on WordPress 2.2.x for some time now, but after reading several warnings about Technorati (and possibly others) planned index exclusion of vulnerable blogs I’ve […]
-
[…] just upgraded this blog to WP 2.5 after reading that Technorati is not indexing sites that haven’t upgraded to WordPress’ latest version because hackers are exploiting vulnerable and orphan blogs. This is another reason for the […]
-
[…] instance, the normally excellent Weblog Tools Collection wrote about security holes due to free themes, and then said “The moral of this story is that you need to upgrade your WordPress blog now to […]
-
[…] Technorati has decided to not index vulnerable and exploited WordPress versions […]
-
[…] Technorati has decided to not index vulnerable and exploited WordPress versions […]
-
[…] did I upgrade? Because WordPress (as represented by Weblog tools collection) has managed to scare me into believing that my blog was vulnerable with previous versions. […]
-
[…] you upgrade your website? You might want to consider upgrading your wordpress ASAP if this is what going to happen soon. Some screen shot of my new […]
-
[…] done both, I realize there are many ways I could hack into a person’s blog. All I would have to do is provide myself a […]
-
[…] One of them caught my fancy and I decided to take a deeper look. The topic was Technorati & hacked WordPress blogs. More than Technorati, it was the article on Weblog Tools Collection that got me […]
-
[…] Blogs Vulnerables de WordPress no son Indexados […]
Translate This Page
About the Author
- Mark Ghosh
An avid fan of business, education, technology and finance. I lead a lean, highly focussed and capable team of Java Back End developers and Front End developers through a maze of complex software wizardry to fulfill the web maintenance needs of a large chemical manufacturer. As per Myers-Briggs Personality Types, I am an ESTJ. I pride in a project completed on time and according to plan. My hobbies include all kinds of technology, anything that I can taste and anything that goes fast or flies in the air. I like to read business books and comics in my spare time.
Categories
- bbpress
- Best of WordPress
- Blog Templates Blog Skins Blog Themes
- Blogging
- Blogging Essays
- Blogging News
- brainstorming
- buddypress
- Business of Blogging
- CMS
- Code
- Cold Fusion
- Community Interviews
- Cool Scripts
- General
- HOW-TO
- LinkyLoo
- Movable Type Plugins
- Photolog Script
- Podcasting
- QuickLinking
- Spam
- SXSW
- TLA
- Tutorials
- User Reviews
- Web Design
- Web Ethics
- Weblog Add-Ons
- Weblog tools blog tools blogging tools
- Weekly Plugin Review
- WLTC Community
- wordcamp
- WordPress
- WordPress Discussions
- WordPress FAQs
- Wordpress for Beginners
- WordPress Hack
- WordPress News
- WordPress Plugin Competition
- WordPress Plugins
- WordPress Polls
- WordPress Security
- WordPress Templates WordPress Skins WordPress Themes
- WordPress Tips
- WordPress Tools
- WordPress Troubleshooting
- WordPress Weekly
- WordPress Widgets
- WordPress WishList
- XHTML Tips
Obviously Powered by WordPress. © 2003-2013
I always look at a theme closely for anything suspicious. If it’s an encrypted footer, I’ll take it and decompile it and remove anything that isn’t wanted. I’ve found a nice handful of themes online that had some very shifty pop-under scripts and such. Found a few that had a few SQL injections in it and a few that tried to download spyware/adware to the viewers computer whenever they log to the site.
All in all – if you don’t know to decrypt something, don’t use it and go with places you can trust, like this fine site.
Here’s one potentially useful plugin, named WP Anti-Wares. It supposedly checks themes for malicious code. I always download themes from the original designer, so I can’t attest to its functionality. Also, I’m not too sure if the plugin is still under active development.
Okay, now I’m confused. Is this page no longer correct and 2.0.11 is no longer considered secure?
Tim, I stand corrected. Fixed post.
As 2.5 is quite a big step I was hoping they would provide a legacy branch for 2.3 should any serious issues arise. Is this not the case?
Another handy one is WP Security Scan, which is compatible with 2.5. I think I first heard about it here on WLTC.
Oh Good! and how can I know if some blogs are vulnerable and exploited?
What happen if these blogs link to me?
Such news would cause a lot less trouble if it was actually easy to upgrade to newer versions of WP. And I don’t mean the actual upgrade procedure, but the total instability of APIs and database schemas (often advertised very late during the development process), which causes breakage in plugins.
WP should learn from other FOSS projects and try to manage breaking changes better.
Technorati is so b0rked as to be effectively insane. I get a different authority when I’m signed in than when I’m signed out. I dropped 13000 places yesterday and got them back twelve hours later. I’ve given up pandering to Technorati and I recommend everyone does the same. Google will end up owning everything anyway, so make nice with Google Blogsearch now; save time later when our Googelian Overlords make it official.
Luca: 2.5 does not introduce any breaking changes except for those plugins that use the admin interface. Even there the breakage should be in the management and not in the plugin itself.
may WP 2.5 is stable but it doesn’t work for so many user.
and to say: do an update an your are safe is false.–
It can help but most of the time it doesn’t, because so many users doesn’t know that the hacker is in his database and inits account — because the server is unsafe
WP 2.5 is no magic wand
Monika
Mark: the change in password hashing broke some plugins that link to other applications (such as WPG, which one of my blogs uses). Others broke (temporarily, like Simple Tags) because there were some changes in the internals of WP.
Unlike the 2.2 > 2.3 transition, most of these problems are minor, but I still think that with a proper decision-making when the release cycle starts (e.g. “for version XXXX we’ll break the YYY and ZZZ APIs”) the effect can be lessened. Other, larger FOSS projects have employed this approach succesfully.
Big blogs like Techcrunch is still using 2.3.3.
The Technorati announcement got me moving on my upgrade, and it turned out to be painless. All my plugins, once upgraded to latest versions, worked without problems and no weirdness so far.
I have to admit I was all Technorati-fevered for a while. Then all of the sudden they went weird on me. Updating my site three times (sometimes listing the same post multiple times) or not updating my site for literally two weeks … then re-adding every post as if it was new.
I’ve given up trying to figure out Technorati. The only reason I cared originally was because of some Blog Judge website that gave me a crap review. Technorati is just another site that’s trying to force people to one standard … well, that’s what I think.
Though I’ve already updated my WordPress .. only plug that gives me issues is the All in One SEO which breaks my RSS for some reason.
Version 2.3.3 is not safe? I don’t like 2.5.
Roosh: 2.3.3 is safe for now but it will not receive any security updates. So when new vulnerabilities are discovered, fixes will only go into the 2.5 (and 2.0.11x) branch. So it is better to upgrade.
I very much look forward to this upcoming article from you all:
I like 2.5
http://www.labnol.org/internet.....s-changed/
When I went to open the tar.gz I got 3 error messages. Did anyone else experience this? I guess this is the weekend to upgrade. Now I wonder why I make so many different blogs. Thanks for all the interesting comments.
Oh, what a sad blog post! If WordPress is not indexed by Technorati anymore, we all will get less traffic, I guess.
I’d love to update, but I’m waiting for my host to update fantastico, cause I’m lame and don’t understand how to set up the database stuff.
@Syd you’re not lame! Loads of folks rely on Fantastico. You don’t have to do any database stuff-wp takes care of that for you automatically after the new files are uploaded(you have to login to the admin to have it happen but that’s it)
Thanks for the great info! Link posted on my blog in appreciation.
it’s not database stuff — you just
1. create a database
2. copy and paste database name, user and pass into WP config
3. run install script
done
I am using WordPress 2.5.1 so i don’t think vulnerability has anything to do with my blog not being indexable. I can’t claim it with technorati. I feel this is weird. Can someone help PLEASE? Thanks
I’m afraid I can’t agree with you. I don’t see any logic. If you upgrade your WordPress installation and keep on using that “bad theme”, it won’t solve your problems – because that “covert and encrypted” will still be present in the theme.
The solution here is to patch the theme in question (or don’t use it at all).
Hi,
I’m running WordPress 2.6.1 on two blogs, one of which is absolutely updated instantly on Technorati, and the other is not indexed at all. Additionally, my blogspot blog has stopped being indexed two days ago.
I have written about it here: http://nerdinprogress.blogspot.....-mess.html
I don’t think this is completely a wordpress thing.
Vidyut