WordPress Blogs Suffer from a Mass Compromise

Let's start our week with news about security vulnerabilities of WordPress blogs. This is one of the most used blog scripts out there, including the Webew.com multi-sites free blog hosting. If you are using WordPress blog script, you need to read this article to make sure that you're free from malware.

"Mass compromises have not been in the news of late but a new wave recently hit the headlines. According to news reports, users running the popular blogging platform WordPress have been hit with an attack that modifies a setting within the application that contains the URL of a blog.

In compromised sites, this setting is changed to point to a malicious website. This redirects all would-be blog readers to the said website, which contains scripts leading to a malicious file detected by Trend Micro as TROJ_BUZUS.ZYX." (2010, Trend Micro)

"Mark Jaquith’s good rule of thumb is “the most restrictive permissions that still work.” File permissions vary from server setup to server setup, Generally, “644″ is recommended for wp-config.php. For public_html, it is usually 755." (2010, Network Solutions). I agree, the 755 folder and 644 file permission should be implemented before you roll-out your blog.

Cheers for now.