One of the most popular pieces of blogging software out there right now is WordPress.
There are millions of bloggers out there who depend upon this software in order to get their message out to the world, or at least those few people who find them.
If you are a blogger then one of your primary concerns should be ensuring that the software you use is safe.
In this case, safe means that there can be no serious exploits used against the blogging platform or any other installed software.
In the past, WordPress has come under fire at times for security issues that have plagued the program.
(Personally I think some of that criticism is unfair and it reminds me of the Windows vs Mac arguments I keep on hearing – namely that a certain system is less safe than another when the reality is that it is simply more popular and therefore targeted more often.)
Fortunately, WordPress is open source and any related security issues tend to get patched very quickly.
With this recent database hack, however, there seems to be a lot of controversy surrounding it.
So much so, that the creators of WordPress decided to speak out about it.
The hack that is out right now allows an attacker to see certain database credentials.
Once they are able to get these credentials, they are then able to log onto the web site’s administration section.
From there they are able to redirect the sites to point to a malware-filled web site that the attacker owns.
Network Solutions Hosting
The controversy about this hack lies in the fact that it seems the majority of the people who have been attacked have their web sites hosted at Network Solutions.
This could lead you to conclude that it might not be the WordPress software that is the problem but the host of the web sites who are at fault.
Of course, the companies that host the sites say that they are not the problem and that it is a hole in the WordPress security process.
Network Solutions claims that the problem falls into WordPress’s lap.
They say that WordPress has the passwords to their blogs databases in plain text format and this is a bad idea which is something I tend to agree with.
Ideally, this should only be able to be read by the server software that is on the system but an attacker using a back door attack on the system can find a way to read it as well.
This is why the creator of WordPress says that Network Solutions is the problem – they insist that the exploit is coming from their end and that users of shared hosting solutions should not be able to see each other’s account information.
If the server is set up right, this information should not be visible to anyone but the user.
In Network Solutions hosting this appears as though it may not be the case, and the main reason why the plain text format of the database information became vulnerable, though it has to be said that the issue may in fact lie with the file permissions set by the users themselves.
It May Be Your Fault
Hopefully you can see all sides of the argument and understand why each side thinks the other is at fault, but you have to remember that if you run a blog, or any other kind of website, then you need to take a certain level of responsibility yourself – you must be on a constant lookout when it comes to your online security.
If you are running a web site, especially one that has people visit it on a regular basis, then there will be people who try to hack into it.
If you keep up with all of the updates to the software, then you should be able to avoid an attack such as this.