I had a big shock when I checked the ‘users’ on one of my WordPress blogs yesterday.
To be honest I hardly ever go into the users section, and I can’t recall why I did yesterday. I might even have clicked it by mistake :)
Anyway, there should only be me as a user, and there wasn’t: there were a few regular subscribers and ONE that had registered themselves as an ‘admin’.
Now the scary thing is that they had entered some sort of script code into one of the data entry fields on their user account. Again I forget which it was, I should really have taken more notice.
Anyway I just wanted to give you a ‘heads-up’ to check your own accounts and delete any that have snuck in!
I don’t know the relevance of what this script did, and research hasn’t really helped.
It obviously wasn’t there to help me though, that is one thing that’s for sure!
So check your important sites, it’s the WordPress ‘users’ section.
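The same check can be run over a CSV export of the user list instead of by eye. This is an added example, not part of the original post; it assumes an export with the columns shown (for instance from WP-CLI's `wp user list --format=csv` with matching `--fields`), and the allow-list, sample rows and function name are constructed for illustration.

```python
import csv
import io
import re

# Logins you expect to hold the administrator role (assumption: edit per site).
EXPECTED_ADMINS = {"siteowner"}

# Markup that has no business in a profile field such as display name or website.
SUSPICIOUS = re.compile(
    r"<\s*(script|iframe|img|svg)\b|javascript:|\bon\w+\s*=", re.I
)

# Constructed sample rows in the assumed export layout.
SAMPLE_EXPORT = """ID,user_login,user_email,roles,display_name,user_url
1,siteowner,owner@example.com,administrator,Site Owner,https://example.com
2,reader1,reader1@example.com,subscriber,Reader One,
3,newadmin,x@example.net,administrator,"<script>/* constructed */</script>",
"""


def audit_users(csv_text, expected_admins=EXPECTED_ADMINS):
    """Return (login, reason) pairs for accounts that need a manual look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"]
        # An account can hold several roles, separated by commas.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        if "administrator" in roles and login not in expected_admins:
            findings.append((login, "unexpected administrator"))
        # Scan every free-text column for script-like markup.
        for field, value in row.items():
            if field in ("ID", "roles") or not value:
                continue
            if SUSPICIOUS.search(value):
                findings.append((login, f"markup in {field}"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_users(SAMPLE_EXPORT):
        print(f"{login}: {reason}")
```

Keep a copy of any flagged row before deleting the account, so the injected field value is still available for later investigation.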
Another lesson is to make sure that I have implemented my usual security on ALL of my blogs. This was one that didn’t have any security measures as such. The ones that do are fine.
I’ll put together a proper post on good plugins to use and a .htaccess tweak or two that I do in a future post.
For now though you can’t go far wrong by installing Login Lockdown and Secure WordPress.