by waynesonfire 1490 days ago
Very vanilla WordPress; it was a basic blog site. I think the only plugins I used were Google Analytics and some basic theme. I would keep it updated whenever I remembered, but maybe it wasn't often enough. Not exactly sure what the vector was and, from whatever quality of analysis I did, the system didn't appear damaged beyond the changes made to the WordPress folder and, luckily, the damage didn't seem to escape the www-data user that the HTTP server ran as.
1 comments

I'm gonna suggest compromised hosting. The issues I've seen (once plugins / core / PHP are up to date and obvious stuff sorted) have been almost entirely on shared hosts.
PHP is a beast of an attack surface. On every PHP install I try to do as much hardening as I can, especially with `disable_functions`, since you can make it much harder for someone to get a useful reverse shell, or other nasty things, like the built-in `shell_exec` function.

https://www.madirish.net/?article=229

I'm betting most WordPress shared hosting doesn't do that, nor give people the means to set up a web app firewall in front of it. Without these things I'd never want to expose a WordPress install to the internet :)
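An added example, not part of the thread or the linked article: a small audit that reads php.ini text and reports which process-execution functions `disable_functions` still leaves callable. The `EXEC_FUNCTIONS` baseline (only `shell_exec` is named above), the helper names and both sample files are assumptions made for this example.

```python
# Assumption: a baseline of PHP's process-execution functions. shell_exec is
# the one named in the comment above; the rest are added for this example.
EXEC_FUNCTIONS = {"exec", "passthru", "shell_exec", "system",
                  "proc_open", "popen", "pcntl_exec"}

def disabled_functions(ini_text):
    """Return the set of functions disabled by the given php.ini text."""
    value = ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue  # blank line, ; comment, or [section] header
        key, sep, val = line.partition("=")
        # Directive names are matched exactly (they are case-sensitive).
        if sep and key.strip() == "disable_functions":
            # Drop a trailing ; comment and optional quotes. A later
            # occurrence overrides an earlier one (assumed here).
            value = val.split(";", 1)[0].strip().strip("\"'")
    # PHP function names are case-insensitive, so compare in lower case.
    return {f.strip().lower() for f in value.split(",") if f.strip()}

def missing_exec_functions(ini_text):
    """Exec-capable functions that this php.ini leaves callable."""
    return sorted(EXEC_FUNCTIONS - disabled_functions(ini_text))

# Constructed sample files, not taken from any real host.
DEFAULT_INI = """
[PHP]
; disable_functions = exec,system   (commented out, so not in effect)
disable_functions =
"""
PARTIAL_INI = """
[PHP]
disable_functions = exec, passthru, Shell_Exec, system ; partial list
"""

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_INI), ("partial", PARTIAL_INI)):
        gaps = missing_exec_functions(text)
        print(name, "still callable:", ", ".join(gaps) or "none")
```

On a live host, compare the result with what the running SAPI reports (for example the `disable_functions` row in `phpinfo()`), since the file you audited may not be the one PHP loaded.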

Oh, interesting, indeed could have been PHP.