Is WordPress a security threat for mass injections?


CPL
Asked:
2012-03-06 4:58 pm EST

Hits: 2,275
I'm curious what InMotion's stance is regarding the news, in the last few days, of the new wave of 'mass injection' web site hijack threats. This is the link I've seen:
http://community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx

Are sites hosted on InMotion being protected, and have there been any known breaches?
-Chris

You must login before you can ask a follow up question.

You must login before you can submit an answer.

OTHER ANSWERS

0

Tim S.
Staff
9,967 Points
2012-03-06 5:22 pm EST
Hi Chris,

Thanks for posting your question. I'm more than happy to answer your questions today. I've read the article and it mentions WordPress specifically. This seems to be a breach of WordPress and not a server. We have not seen an influx in attacks or breached websites on our servers. Since this is a third party application with many different configurations, the responsibility falls on the customer to make sure their software and plugins are up-to-date.

The reported numbers of WordPress sites affected only represent a small number of WordPress websites globally. There's over 60 million websites currently running WordPress with 200,000 suffering from this attack. That only accounts for 0.33% of the WordPress sites around the globe.

Also, the article never mentions the methodology that the attackers use to inject the code into WordPress. There's any number of scenarios that this could occur. Since the attack is specific to WordPress, it's highly doubtful that there was any breach in server security.

I've also been monitoring the WordPress website for any news releases or patches. I run a current WordPress site myself and have not seen any patches. Since WordPress is open-source typically, when a security hole is found, it is patched immediately and all WordPress websites will be notified of a patch to the software.

I'm also active daily in the WordPress community helping other developers. I've not seen any threads in the WordPress forums about a mass injection to WordPress sites. In the past, when there has been a security threat to WordPress, you'll see a lot of new threads being created about it.

Our systems administrators monitor all of our servers for threats 24 hours a day 7 days a week. Anytime we any activity that may potentially be threatening is found we do everything we can to mitigate the attacks immediately.

I hope this helps clarify the article a bit more for you. If you have further questions or concerns please feel free to contact us.

Thanks!

Tim S

You must login before you can post a comment about this answer.

Like this Question?

News / Announcements

WordPress wp-login.php brute force attack
Updated 2014-07-17 06:43 pm EST
Hits: 201004

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!