Real Lawyers Have Blogs On the topic of the law, firm marketing, social media, & baseball

WordPress blogs being hacked

Been reading recently of problems with blogs running on WordPress software being hacked.
Mike Abundo explains the hack creates spam pages within blogs and creates hidden text links to those spam pages on other blogs. A single blog can fall victim to both.

Spam is bad enough on a professional blog. ‘Good morning in-house counsel and consumers, here’s the latest in porn for you direct from our blog.’ Hidden text can be even worse as it can get you unindexed at Google.

Om Malik further references the hacking and explains the hackers’ motivation:

  • To infect visitors by exploiting a browser vulnerability
  • To place ads they can then get revenue from
  • To embed links to blogs they own, improving their page
  • To entice people to click on links that lead them elsewhere

And it’s not just happening at small-time blogs. A ZDNet WordPress blog was hacked.

Don’t treat this as a ‘Chicken Little – the sky is falling.’ But do note that as a lawyer, you can’t just throw up a blog and dismiss potential problems.

WordPress is a good solution supported by a vibrant open source community. But it has been susceptible to hacking.

There’s a reason that not one of the 50 plus AmLaw 200 law firms is using WordPress for a firm branded blog.

  • http://humidcity.com Loki

    So, out of curiosity, what do the AmLaw 200 use?

  • http://www.thecodecave.com Brian Layman

    It should be noted that those articles talk about an attack that was found almost three months ago now. Yes, it was a big deal at the time, but that was a while ago as far as Internet software is concerned. An update was released on Feb 5 that plugged the hole.
    See…
    http://wordpress.org/development/2008/02/wordpress-233/
    Everyone gets notification of the update in the front page of their WordPress blog’s dashboard and triggering an update to your site should take

  • http://kevin.lexblog.com Kevin OKeefe

    AmLaw firm branded blogs:
    * 75% use the LexBlog platform, which is a greatly enhanced MovableType (MT) platform
    * 10% use Blogger
    * 5% use TypePad
    * 5% use Justia, using a MT core
    * 5% use MT in self hosted environment

  • http://www.scotxblog.com Don

    I took your post as marketing your non-WordPress product. But it fell flat to my ears. I already knew about the patch that Brian Layman mentions. Why did I know? Because I patched my own system.
    The real lesson isn’t “WordPress bad; MovableType good.” It’s “Be careful before being your own IT department. There are bad people on the internet, so if you don’t have the skill set or the time to track patches and updates yourself, you should hire someone to do it for you.”

  • http://www.kungfoodie.com Kung Foodie

    I have to support the commenters as well. You state “WordPress is a good solution, BUT susceptible to hacking.” Well, ALL software is susceptible to hacking. If you own/write/manage a website, no matter what scripts you use, you need to have an ongoing plan for security and updates.