Zombies Invade San Francisco!

photo by Scott Beale

There is a particularly nasty WordPress attack making the rounds right now which Lorelle talks about on her blog. If you are not running the latest version of WordPress (2.8.4), you should upgrade immediately. If you’re not sure if your installation of WordPress is running the latest version, you can check by logging into your Dashboard.

WordPress founder Matt Mullenweg talks about how to keep WordPress secure.

Popular blogger Robert Scoble didn’t upgrade his WordPress blog and as a result, two months of his blog posts were deleted. There are active discussions about what happened with Robert on FriendFeed and Hacker News.

Running a web hosting company, we see first hand what happens when people don’t upgrade WordPress and their blog is compromised. It is not pretty. It can take quite a while to fix the damage, and often people find out that Google considered their blog a security risk, blocking it from search.

If you’ve ignored the warnings and it’s too late, here’s information on how to recover from a compromised WordPress install.

The good news is that once you are running the latest version of WordPress you’ll be able to do one click automatic upgrades, making the process super easy.

While you are at it, check out these suggestions on how to harden WordPress to make it more secure.

NOTE: This attack only affects self-hosted installations of WordPress. Blogs on WordPress.com are automatically updated.

More Coverage: Slashdot, Mashable and TechCrunch.


filed under Security, WordPress

 


Jeff Keyzer September 5, 2009 at 2:39 pm

FYI – I know of one individual who used the “one click upgrade” and it completely hosed his blog. Beware.

Philippe Martin September 5, 2009 at 3:27 pm

You can also use this patch http://pastebin.com/f6697b79

Scott Beale September 5, 2009 at 3:29 pm

It’s better to actually upgrade WordPress than rely on patches.

Philippe Martin September 5, 2009 at 3:31 pm

I know but it’s a 3 day week-end, it could be a b plan

Mike September 6, 2009 at 1:18 pm

Philippe,
Can you provide a little more info on that patch and how to utilize it? I need to upgrade a WP install but can’t do it until after the weekend and this would save my butt.

Alex September 6, 2009 at 10:37 am

Oh god, that pic scared me. Thanks for the info!

Scott Beale September 6, 2009 at 10:39 am

Yeah, nothing like some zombies to help motivate a software upgrade.
