Comments on: Change Your WordPress Admin Password! http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/ Mon, 06 Oct 2008 16:51:03 +0000 http://wordpress.org/?v=2.6.2 By: Rod http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-10223 Rod Thu, 11 Sep 2008 18:37:44 +0000 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-10223 No problem. That's the downside of using plugins, I guess - they can interact in unforeseen ways. I don't really have a take on the security angle at this point - it's not something I've looked into. There's nothing like getting hacked to motivate you though! Just like losing all your files can be a good motivator for doing more regular backups. Perhaps I'll put this on my "to-do" list. No problem. That’s the downside of using plugins, I guess - they can interact in unforeseen ways.

I don’t really have a take on the security angle at this point - it’s not something I’ve looked into. There’s nothing like getting hacked to motivate you though! Just like losing all your files can be a good motivator for doing more regular backups. Perhaps I’ll put this on my “to-do” list.

]]> By: Dale http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-10222 Dale Thu, 11 Sep 2008 00:20:23 +0000 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-10222 Rod, Thanks for letting me know about this; I didn't realize it was happening. The first of the two subscribe checkboxes was provided by the Brian's Threaded Comments plugin, and the second one by the Subscribe to Comments plugin. It took a while to figure out, because I had forgotten that "Brian's threaded comments" required me to replace the comments.php file in my theme folder, so activating and deactivating comments-related plugins did all sorts of weird things. I've removed "Brian's threaded comments" since comment threading is available with Better Comments Manager. Either checkbox subscribed you correctly, but it was odd to have two. Also, was glad to remove the modified comments.php and replace it with the original anyway, as, apparently, it's easy to forget about the modification! Regards, Dale Rod,

Thanks for letting me know about this; I didn’t realize it was happening. The first of the two subscribe checkboxes was provided by the Brian’s Threaded Comments plugin, and the second one by the Subscribe to Comments plugin. It took a while to figure out, because I had forgotten that “Brian’s threaded comments” required me to replace the comments.php file in my theme folder, so activating and deactivating comments-related plugins did all sorts of weird things. I’ve removed “Brian’s threaded comments” since comment threading is available with Better Comments Manager. Either checkbox subscribed you correctly, but it was odd to have two. Also, was glad to remove the modified comments.php and replace it with the original anyway, as, apparently, it’s easy to forget about the modification!

Regards,

Dale

]]> By: Dale http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-10221 Dale Thu, 11 Sep 2008 00:19:45 +0000 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-10221 Rod, That's a good question. The password I was using at the time wasn't too complex, so I just assumed some password-cracking tool figured it out. However, I spoke with Yahoo! hosting support about it, too, and their take was that even without knowing my password, a cleverly written PHP script could have compromised the site. Their contention was that blog files just weren't that secure, and it was a common occurrence. I wasn't sure how much weight to give that; and to be on the safe side, I changed my password to something much more complex ... and it never happened again. Lot's of variables here, though, especially since I was only at WordPress 2.0.2 at the time. I'm sure I'll never know exactly how it was done; but at least it hasn't happened since. WordPress and security can be a little confusing; what do you think of this, for example: http://www.deepjiveinterests.com/2008/01/19/hows-your-wp-contentplugins-folder-doing-secure-are-you-sure/ Does it really matter if someone can see the contents of a directory like this? And even if it was "secured" by the method described in this post, anyone who knows the name of a plugin subfolder can still get to the subfolder, unless they're set up the same way.... Bye for now, Dale Rod,

That’s a good question. The password I was using at the time wasn’t too complex, so I just assumed some password-cracking tool figured it out. However, I spoke with Yahoo! hosting support about it, too, and their take was that even without knowing my password, a cleverly written PHP script could have compromised the site. Their contention was that blog files just weren’t that secure, and it was a common occurrence. I wasn’t sure how much weight to give that; and to be on the safe side, I changed my password to something much more complex … and it never happened again. Lot’s of variables here, though, especially since I was only at WordPress 2.0.2 at the time. I’m sure I’ll never know exactly how it was done; but at least it hasn’t happened since.

WordPress and security can be a little confusing; what do you think of this, for example:

http://www.deepjiveinterests.com/2008/01/19/hows-your-wp-contentplugins-folder-doing-secure-are-you-sure/

Does it really matter if someone can see the contents of a directory like this? And even if it was “secured” by the method described in this post, anyone who knows the name of a plugin subfolder can still get to the subfolder, unless they’re set up the same way….

Bye for now,

Dale

]]> By: Rod http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-10213 Rod Wed, 10 Sep 2008 05:19:32 +0000 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-10213 PS: when leaving my comment, I was presented with 2 "subscribe to comments" checkboxes. Wasn't sure which one to use, so I went for the first one. Now that the page has refreshed, the second one has been replaced by the "you are subscribed..." message, and I can still see the first one asking me to subscribe. Two conflicting plugins, perhaps? PS: when leaving my comment, I was presented with 2 “subscribe to comments” checkboxes. Wasn’t sure which one to use, so I went for the first one. Now that the page has refreshed, the second one has been replaced by the “you are subscribed…” message, and I can still see the first one asking me to subscribe. Two conflicting plugins, perhaps?

]]> By: Rod http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-10212 Rod Wed, 10 Sep 2008 05:17:06 +0000 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-10212 Wow, this is pretty scary. I can understand how they could do this IF they had your WP password, but the question is, how did they get hold of it? Fortunately the attack was relatively benign in this case, in the sense they left your site running, but a more malicious hacker could have done a lot more damage! Wow, this is pretty scary. I can understand how they could do this IF they had your WP password, but the question is, how did they get hold of it? Fortunately the attack was relatively benign in this case, in the sense they left your site running, but a more malicious hacker could have done a lot more damage!

]]> By: Dale http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-9549 Dale Fri, 18 Jul 2008 22:10:35 +0000 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-9549 Leanne, thanks. I upgraded both of my sites using the WPAU plugin last night, and but for a couple minor problems, it went extremely well. Thanks for the info and the support..... Dale Leanne, thanks. I upgraded both of my sites using the WPAU plugin last night, and but for a couple minor problems, it went extremely well. Thanks for the info and the support…..

Dale

]]> By: Leanne http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-9096 Leanne Wed, 11 Jun 2008 13:20:45 +0000 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-9096 Hi Dale, I see you're still waiting on that upgrade - here's the link: http://intricateart.com/blog/how-to-upgrade-wordpress/ It includes a link to a newer plugin that auto upgrades in just a few very simple steps. :) Hi Dale,

I see you’re still waiting on that upgrade - here’s the link:
http://intricateart.com/blog/how-to-upgrade-wordpress/

It includes a link to a newer plugin that auto upgrades in just a few very simple steps. :)

]]> By: My blog ‘kena’ hacked at Sketchy Ideas http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-9090 My blog ‘kena’ hacked at Sketchy Ideas Tue, 10 Jun 2008 20:44:14 +0000 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-9090 [...] I have surfed the net high and low for possible cause. Erm… actually I only surfed for 15 minutes before I can find several blogs, A Few Good Pens and Intricate Art who undergo the similar experience. [...] [...] I have surfed the net high and low for possible cause. Erm… actually I only surfed for 15 minutes before I can find several blogs, A Few Good Pens and Intricate Art who undergo the similar experience. [...]

]]> By: Dale http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-7765 Dale Thu, 17 Apr 2008 00:24:34 +0000 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-7765 Thanks for the excellent list of ad sources ... I'll definitely check them out. Thinking that if I'm going to run ads here, I'd like to make different choices than the usual ones and see how it goes ... your list will come in very handy. Bye for now, Dale Thanks for the excellent list of ad sources … I’ll definitely check them out. Thinking that if I’m going to run ads here, I’d like to make different choices than the usual ones and see how it goes … your list will come in very handy.

Bye for now,

Dale

]]> By: locomotivebreath1901 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-7745 locomotivebreath1901 Wed, 16 Apr 2008 11:47:56 +0000 http://www.afewgoodpens.com/blog/2008/04/13/change-your-wordpress-admin-password/#comment-7745 I'm sorry to hear about your 'hack' problems, but even more pleased that you were able to solve the frustration. Unfortunately, things like google, intenet explorer, word press, et al are high profile 'hook' targets simply because those things are so common. Might I recommend ~not using googlag ad sense advertising? Amazon is a good start, but there are many other high quality, reliable ad networks. <a href="http://www.rosswalker.co.uk/adsense_top10/">Try here for ten good choices.</a> I chose 'Chitika', but it's your preference. I was simply tired of being 'evil'. I’m sorry to hear about your ‘hack’ problems, but even more pleased that you were able to solve the frustration.

Unfortunately, things like google, intenet explorer, word press, et al are high profile ‘hook’ targets simply because those things are so common.

Might I recommend ~not using googlag ad sense advertising? Amazon is a good start, but there are many other high quality, reliable ad networks. Try here for ten good choices. I chose ‘Chitika’, but it’s your preference. I was simply tired of being ‘evil’.

]]>