The Most Active and Friendliest
Affiliate Marketing Community Online!

“RollerAds”/  “Clickaine”/

30 plugin exploits to backdoor WordPress sites

Graybeard

Well-Known Member
affiliate
The main functionality of the trojan is to hack WordPress sites using a set of hardcoded exploits that are run successively, until one of them works.

The targeted plugins and themes are the following:

 
Certified

T J Tutor

GM
Administrator
Certified Vendor
affiliate
Dojo Master
AffKit
The main functionality of the trojan is to hack WordPress sites using a set of hardcoded exploits that are run successively, until one of them works.

The targeted plugins and themes are the following:


This has been going on for many years. As soon as WP was launched, these practices began.
 
Certified

T J Tutor

GM
Administrator
Certified Vendor
affiliate
Dojo Master
AffKit
This is just one of the many reasons not to use WP for affiliate marketing (et al). In the long run, a properly coded site with the appropriate addons on the server is cheaper to manage and protect, albeit a little more money at the onset.

I like the idea of WP for various projects, and used it on some from 2004 until 2012, but in the end I had to stop using it due to the constant attacks, platform/plugin conflicts, and the various frontend and backend restrictions.

I really think that in the end, as we see, read, and hear from here and elsewhere, that the majority of the users are looking for something quick and easy. In the end they learn it was never that, can't be that, and they need somone to come in and do the work they either don't have the skills to do, don't want to learn those skills, or need the platform to do more than it was intended for.
 

Graybeard

Well-Known Member
affiliate
quick and easy
At first glance WP seems to be the ticket.
WP is really very high maintenance
  • Daily backups and you need to prune it to the past few days.
  • Frequent or auto-updates of the core.
  • Open FTP ports and vulnerabilities.
  • Serious limitations in back-end code --all CMS platforms really --they are convenient until they are not.
  • Plug-in hell
 
Certified

T J Tutor

GM
Administrator
Certified Vendor
affiliate
Dojo Master
AffKit
At first glance WP seems to be the ticket.
WP is really very high maintenance
  • Daily backups and you need to prune it to the past few days.
  • Frequent or auto-updates of the core.
  • Open FTP ports and vulnerabilities.
  • Serious limitations in back-end code --all CMS platforms really --they are convenient until they are not.
  • Plug-in hell

Great shortlist.

We see this with so many other "ready made" stuff. Great ideas, wonderful prospects, but just to many vulnerabilities, limitations, and excessive maintenance. The classic love/hate relationship.

For now, I'll stick with my dev guys and "from scratch" developed sites. It's cheaper, more secure, and profitable long term for me, and I always believe for others as well.
 
Last edited:
banners
Top