I Don’t Allow WordPress Comments At Present And You Probably Shouldn’t Either
First, let me say that I love WordPress; however, it’s not perfect. I’ve been around a while; my first sites were written in HTML using WordPad, so you can imagine how wonderful using WordPress with a premium theme is compared to back then.
However, it’s not without its problems. Hackers are getting more sophisticated, and since WordPress accounts for an enormous number of websites, it is an attractive target. Find a vulnerability and voilà, you have millions of websites to plunder.
I speak from experience: I’ve had one of my sites hacked through a membership plugin.
So according to an article in Forbes, Klikki Oy has found a vulnerability in the WordPress comment area which can allow a hacker to take over your site. They could even change your password and lock you out. I haven’t been locked out yet; in my case the sneaky devils tried to hide and use my site to spam comments for cheap goods on other sites. You know, the out-of-context comments that list tons of stuff at low prices. They tried to go undetected and I only found them by chance. It could have been much worse. You can bet it didn’t help my Google rank on that site, since it made me look like a sleazeball junk commenter.
So for now I’ve taken down comments and will wait until WordPress comes up with a fix (they’re working on it now).
Make your own decision, but at least Google “wordpress comment vulnerability” and get the definitive scoop.