Something kinda weird happened today – I got an automated email from this blog saying “Password Lost and Changed”. Then I had a look around and noticed that someone had added a link to a dodgy-looking download site to the links on the sidebar there. I haven’t a clue what to make of it, but I’ve updated to the latest version of WordPress and changed the password 😯

Bloody hell – is this something I should be worried about? Has anyone out there had this happen before? Maybe it’s time to look into different software, I dunno how secure WordPress is really…


3 Comments so far

  1. stephen on August 24th, 2008

    One thing you could do that I did would be to rename the administration folder to something else. I don’t know if that’s regarded as being a proper solution to such hacking problems, though. Might want to check any other accounts you use that password on as well….

  2. Terry on August 25th, 2008

    Maybe not, but it couldn’t hurt 🙂 I’ve found a guide on doing that with .htaccess files but haven’t been able to get it working right yet…

  3. Richard on August 27th, 2008

    I rotate through a list of passwords on both a weekly and monthly basis.

    I have 12 lists of 7 passwords that I then change through.

    I’ve been meaning to build an automation system for this, but for now it’s all done manually.

    Oh yeah, the password lists are heavily encrypted.
    I’ve tried to crack them using every available password cracking tool that I could get my hands on. Not one was able to be cracked.

    This isn’t to say that it isn’t possible, it’s just so highly unlikely that anyone would spend the weeks or months required to get the passwords.

    Anyway, I’d suggest using something similar.
    Just change your password regularly.
