In recent weeks a large number of Media Temple customer have had their Wordpress sites hacked. A simple Twitter search will reveal a majority of the dozens of hacked Wordpress sites were Media Temple customers. There was even a thread on the official Wordpress Forums for Media Temple customers. Many of these users reported they were using the latest version of Wordpress 3.01. At first glance it would appear that it was only affecting Media Temple customers and therefore many wrongly assumed that it must be a security vulnerability with Media Temple’s infrastructure. Irresponsible and uninformed bloggers accused Media Temple of being lax on security and shifting blame. 

The Facts

Although I mentioned a simple Twitter search would reveal that the majority hacked Wordpress sites were Media Temple customers, the fact is they weren’t the only ones. This was either purposefully overlooked by many or more than likely it was a irresponsible rush to judgment and laziness.  

Several of Media Temple’s customers reported on the Media Temple forums that they were running WordPress 2.9.2 (even 2.3) while others said they were using the latest version. Well guess what? The latest Wordpress 3.01 is about two week old and it’s being reported by Major Security that it is vulnerable to Cross Site Scripting attacks. So all those people who used the latest version and blamed (mt) should be angry at WordPress.

The fact is Media Temple was not to blame for these attacks and they should be praised for their amazing support. With the exception of one (1) security problem they had with FTP passwords a few months back, Media Temple has had the best security and been the most open, honest and proactive hosting company I know of. They wrote a very informative post on their blog describing how these attacks occur, what can be done to prevent them and how to clean them. They also put together some excellent information on security and how to clean an infected Wordpress site on their Wiki. You can also view their Twitter stream and see all the support they were providing to customers in helping them recover from these attacks.

The sad reality though is most of the irresponsible bloggers won’t acknowledge their incorrect, irresponsible and misguided comments. They won’t apologize and they certainly won’t commend Media Temple for their commitment to security and their customers. Yes, I’ve become a loyal customer (and fan) of Media Temple but that’s because no other company I know of provides the same level of service or has the same commitment to it’s customers.

Categories: hosting, security,
blog comments powered by Disqus
  1. wackzingo posted this