photo by Scott Beale
There is a particularly nasty WordPress attack making the rounds right now which Lorelle talks about on her blog. If you are not running the latest version of WordPress (2.8.4), you should upgrade immediately. If you’re not sure if your installation of WordPress is running the latest version, you can check by logging into your Dashboard.
Popular blogger Robert Scoble didn’t upgrade his WordPress blog and as a result, two months of his blog posts were deleted. There is active discussion about what happened with Robert on FriendFeed and Hacker News.
Running a web hosting company, we see firsthand what happens when people don’t upgrade WordPress and their blog is compromised. It’s not pretty. It can take quite a while to fix the damage and often people find out that Google considered their blog a security risk, blocking it from search.
If you’ve ignored the warnings and it’s too late, here’s information on how to recover from a compromised WordPress install.
The good news is that once you are running the latest version of WordPress you’ll be able to do one click automatic upgrades, making the process super easy.
While you are at it, check out these suggestions on how to harden WordPress to make it more secure.
NOTE: This attack only affects self-hosted installations of WordPress. Blogs on WordPress.com are automatically updated.