Posted on September 6, 2009 - by John
WordPress self-hosted blogs attack warning!
Two of my friends emailed me this morning, asking if I had heard of attacks on old versions of WordPress. And yes, I have heard, thanks to the wonder that is Twitter. I normally don’t blog at weekends but this is important.
Based on what the WordPress experts are saying, here is what you need to do.
Upgrade WordPress to version 2.8.4. Do this now, and come back to read the rest later. This is serious: you MUST UPGRADE.
If you are not sure what version you are using, you probably need to upgrade now! You can usually see a warning telling you your version is out of date. Or scroll to the bottom of the admin screen and you will see the version number.
If you are scared upgrading will damage your plugins or theme, then sorry! But if you are hacked, and there is a lot of WP hacking going on, you have been warned!
It is essential that you upgrade.
As always, back up WordPress. And please tweet this warning. I now hand you over to the experts for a full explanation.
Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.
Read the rest
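A read-only audit for two of the signs the quoted description names (code in the permalink structure, and an extra admin account hidden from the Users page), as an added example that is not from this post or from WordPress. It assumes you have exported the `permalink_structure` option and the `wp_users` / `wp_usermeta` rows from the database with the default `wp_` prefix; every sample value is constructed.

```python
import re

# Standard structure tags WordPress uses in a permalink structure.
KNOWN_TAGS = {"%year%", "%monthnum%", "%day%", "%hour%", "%minute%", "%second%",
              "%post_id%", "%postname%", "%category%", "%tag%", "%author%"}
TOKEN = re.compile(r"%[a-z_]+%")
PLAIN_PATH = re.compile(r"[A-Za-z0-9/._-]*")

def permalink_is_suspicious(structure):
    """True if the option holds anything besides known tags and plain path text."""
    unknown = [t for t in TOKEN.findall(structure) if t not in KNOWN_TAGS]
    leftover = TOKEN.sub("", structure)
    return bool(unknown) or PLAIN_PATH.fullmatch(leftover) is None

def admin_user_ids(usermeta_rows, prefix="wp_"):
    """Administrator IDs taken from the database rows, not from the Users screen,
    because the worm hides its account there with JavaScript."""
    key = prefix + "capabilities"
    return {uid for uid, meta_key, value in usermeta_rows
            if meta_key == key and 's:13:"administrator";b:1' in value}

def unexpected_admins(users, usermeta_rows, expected_logins):
    """Logins that hold the administrator role but are not on your own list."""
    admins = admin_user_ids(usermeta_rows)
    return sorted(login for uid, login in users
                  if uid in admins and login not in expected_logins)

# Constructed sample data (not taken from a real site or from the worm).
SAMPLE_PERMALINK = "/%year%/%postname%/${eval(CONSTRUCTED_PLACEHOLDER)}"
SAMPLE_USERS = [(1, "site_owner"), (2, "reader"), (7, "constructed_extra_admin")]
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    if permalink_is_suspicious(SAMPLE_PERMALINK):
        print("permalink_structure contains more than tags and path text")
    for login in unexpected_admins(SAMPLE_USERS, SAMPLE_USERMETA, {"site_owner"}):
        print("administrator you did not create:", login)
```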
2 Comments
September 7, 2009
Ian said:
Hi John,
Is it possible to fix the vulnerability itself by editing a script?
Thanks,
Ian
September 7, 2009
John said:
Not sure, Ian. I would check out wordpress.org for the answer.