Is Your WordPress Up-To-Date? No? Then Do It Now!


We usually don’t post much about WordPress, but we have a whole category related to Blogging where we sometimes review interesting plugins and news. Today’s news comes as a warning to all self-hosted WordPress users. If your WordPress is not updated to the latest version, 2.8.4, then you are at risk... huge risk.

There is a new worm spreading fast that can insert malware and spam into the posts published on a self-hosted WordPress blog (yes, even WordPress can be infected). Once it is installed, all your information becomes available to hackers. Unlike previous warnings, this one comes directly from Matt Mullenweg, founder of WordPress, because... ummm... it’s tough to catch.

According to Matt, “It (the worm) registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.”

The vulnerability that allowed the attack was fixed in mid August by WordPress, and they encouraged users to upgrade to the latest version, 2.8.4, but most users have still not upgraded.

For those who haven’t upgraded yet, there is good news. The worm is spreading quite fast and there is a chance... huge chance... that your blog might get infected. So either rejoice or use common sense! (Sorry for being sarcastic here.)

Moral: When WordPress tells you to upgrade, upgrade without question. They have a reason for telling users that they need to upgrade. If you think the guys over at WordPress are a bunch of apes, then you can ignore their advice; otherwise, follow it immediately.

If you think your site was hacked, WordPress has a whole FAQ to help you. Enjoy!
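Because the worm hides its account on the Users page, a check has to read the database rather than the admin screen. The following is an added example, not code from WordPress or from the original post: it flags administrator accounts the owner does not recognise and a permalink structure containing anything other than the standard tags. The function names and sample rows are constructed, and it assumes the default `wp_` table prefix and no plugin-defined permalink tags.

```python
import re

# Standard WordPress permalink tags. Assumption: the site uses no custom
# tags registered by a plugin, so anything else is worth a manual look.
STANDARD_TAGS = {"%year%", "%monthnum%", "%day%", "%hour%", "%minute%",
                 "%second%", "%post_id%", "%postname%", "%category%",
                 "%author%"}

def permalink_is_clean(structure):
    """True if the permalink_structure option holds only standard tags
    plus plain path characters (letters, digits, '/', '_', '.', '-')."""
    remainder = structure
    for tag in re.findall(r"%[a-z_]+%", structure):
        if tag not in STANDARD_TAGS:
            return False
        remainder = remainder.replace(tag, "", 1)
    return re.fullmatch(r"[A-Za-z0-9/_.\-]*", remainder) is not None

def unexpected_admins(users, usermeta, expected_logins):
    """Logins that hold the administrator role in the database but are
    not on the owner's list of known administrators."""
    admin_ids = {uid for uid, key, value in usermeta
                 if key.endswith("capabilities") and '"administrator"' in value}
    return sorted(login for uid, login in users
                  if uid in admin_ids and login not in expected_logins)

# Constructed sample rows, shaped like (ID, user_login) from wp_users and
# (user_id, meta_key, meta_value) from wp_usermeta.
USERS = [(1, "admin"), (2, "editor_jane"), (7, "newuser2009")]
USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    print("Unexpected admins:", unexpected_admins(USERS, USERMETA, {"admin"}))
    for structure in ("/%year%/%monthnum%/%postname%/",
                      "/%postname%/(placeholder)$/"):   # second one is constructed
        print(structure, "clean" if permalink_is_clean(structure) else "SUSPICIOUS")
```

Feed it rows exported from your own database and your own list of known administrator logins; any hit is a reason to follow the FAQ mentioned above.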

  • Maj

    Some people can’t upgrade because there’s no reasonable coding standard for plugins, so upgrading to the next version may break your plugins. If the entire functionality of your blog depends on a plugin that doesn’t work on the next version you get to choose between throwing away all your work and starting over or well… throwing away all your work and starting over.

    • The choice here for the bloggers becomes clear... either throw away security to get usability or throw away a small part of usability for security.

      Of course plugins are useful, but security comes first!

      • You are right... Security is first... But most of the popular plugins are regularly updated... That’s why I have removed uncommon plugins... Mostly, old plugins are also compatible with the new WordPress version, even those that are not updated.

  • Updated... thanks for the warning

  • Thank you for the warning