In case you haven’t heard yet, there’s a worm that’s working its way around old and unpatched versions of WordPress. Already it has infected some, including sites that belong to tech celebrities Robert Scoble and Andy Ihnatko.
According to the WordPress Blog, this worm is a clever one: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.
Everyone who owns or manages a WordPress site is advised to upgrade to the latest version 2.8.4 since this, as well as the one before that, is immune to the worm.
How do you know you current version? Versions 2.7 and later has a nag notice on the dashboard that tells you to upgrade. If you don’t see that nag notice, then you are using an even older version of WordPress. Upgrade to the latest version here.
This recent incident raised the question of whether WordPress is a secure program. Technically, any software that is not not updated regularly is vulnerable to hack attacks. So it’s a matter of getting your site up-to-date as soon as the latest version becomes available.
I would also recommend conducting regular backups to keep your data safe and secure.
To learn more about this issue by visiting the following links:
* http://wordpress.org/development/2009/09/keep-wordpress-secure/
* http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/
* http://www.guardian.co.uk/technology/2009/sep/09/wordpress-hacking-blogging
To get more information about the latest trends on WordPress design, visit http://10wordpress.com/
Related posts: