As a blogger, I am sure everyone is well aware of the WordPress engine, as almost 5317360 bloggers are using it to run their blog sites. Even TechNama is powered by the WordPress engine, and we are very much satisfied with their services. Recently, I came across news at TechCrunch that WordPress has been facing a serious security threat to its older versions, and hence all users should immediately update their current version to any version above 2.8.4, since all versions up to 2.8.4 are vulnerable to the said security threat.
Here is what you should know about this attack, as per Lorelle:
1. Reports are that this attack impacts ALL versions of WordPress up to 2.8.4, the most recent release.
2. What Version Am I Using? If you are using a WordPress version after 2.7, the nag screen on the WordPress Administration Panels will alert you to upgrade. If you are using an older version, upgrade now.
3. Use a WordPress Plugin for Protection: Do not rely upon a WordPress Plugin to protect you. There are many reports of Plugins that will “help” in the comments. While they might help in other ways, please upgrade now. That is the only solution if your site has not been impacted.
4. WordPress is Not Secure: WordPress is incredibly secure and monitored constantly by experts in web security. This attack was well anticipated and so far, WordPress 2.8.4 is holding. If necessary, WordPress will immediately release an update with further security improvements. WordPress is used by governments, huge corporations, and me, around the world. Millions of bloggers are using WordPress.com. Have faith they are working overtime to monitor this situation and protect your blog.
5. Fear of Upgrading: This attack is serious enough to overcome all your fears of updating. If older WordPress Plugins are holding you back, update them to the latest version or replace them with new. If your Theme might break, contact the Theme author and update or replace it. There are thousands of free Themes to choose from, probably some better than what you are using. If you are using a recent version of WordPress, updating is as easy as clicking a couple buttons. If you are using an older version, download the most recent version and upgrade now.
6. Other Issues? Whatever your issue is that keeps you from updating WordPress, get over it and update now to protect your site.
To find out whether your site has been attacked, check for the following, as mentioned by Lorelle:
There are two clues that your WordPress site has been attacked:
First, there are strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
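A small check for the two clues above, added here as an example (it is not code from this post or from Lorelle's article): it percent-decodes permalink or URL values and looks for the "eval" and "base64_decode" keywords, then lists administrator accounts that are not on an expected list. The function names, the user records and the known-admin list are assumptions made for illustration; the first sample permalink is the one quoted above.

```python
import re
from urllib.parse import unquote

# Keywords the post names as the signature of an injected permalink.
INDICATORS = re.compile(r"\b(eval|base64_decode)\s*\(", re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_permalink(value):
    """Return the sorted indicator keywords found in a permalink or URL."""
    hits = INDICATORS.findall(decode_fully(value))
    return sorted({h.lower() for h in hits})


def unexpected_admins(users, known_admins):
    """Return logins holding the administrator role that are not expected."""
    known = {name.lower() for name in known_admins}
    return [u["login"] for u in users
            if u["role"] == "administrator" and u["login"].lower() not in known]


# Constructed sample data; only the first permalink comes from the post.
SAMPLE_PERMALINKS = [
    "/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
    "/%year%/%monthnum%/%postname%/",
    "/category/medieval-history/",
]
SAMPLE_USERS = [
    {"login": "admin", "role": "administrator"},
    {"login": "editor1", "role": "editor"},
    {"login": "wpsupport7", "role": "administrator"},  # hypothetical unknown account
]

if __name__ == "__main__":
    for p in SAMPLE_PERMALINKS:
        print(p, "->", suspicious_permalink(p) or "clean")
    print("unexpected admins:", unexpected_admins(SAMPLE_USERS, ["admin"]))
```

A clean result from this check does not replace the upgrade; it only covers the two clues listed above.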
There is no alternative to this problem, so update your version before you face much bigger problems or lose all your effort and data to some exploiters. We have done so in our case, and we hope our readers will follow suit. Do give us your feedback and comments in case you have any further info on this case.