If you haven’t heard already, the WordPress community is abuzz about a new “clever” worm that is making the rounds and wreaking havoc on many WordPress installations. The nasty bug may automatically attack any WP-powered blog version prior to 2.8.3 — and I know many, many people are running 2.7 or lower. WordPress founder Matt Mullenweg posted on WordPress.org about the importance of keeping your WP installation secure.

Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts. [via ma.tt]
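Because the worm described in the quote hides its administrator account from the Users page with JavaScript, the admin screen cannot be relied on to show it, and upgrading does not delete an account that already exists. The Python below is an added example, not code from the original post or from WordPress: it lists administrators straight from the `wp_users` and `wp_usermeta` tables and flags any whose profile fields contain script markup. The in-memory SQLite rows are constructed sample data, and treating script markup in a profile field as the hiding mechanism is an assumption.

```python
import sqlite3

def audit_admins(conn, prefix="wp_"):
    """Return [(login, [reasons])] for every administrator, read directly from the DB.

    prefix is the operator's own table prefix (trusted input). The '?' placeholder
    is SQLite style; MySQL drivers typically use '%s' instead.
    """
    cur = conn.cursor()
    cur.execute(
        f"SELECT u.ID, u.user_login, u.display_name FROM {prefix}users u "
        f"JOIN {prefix}usermeta m ON m.user_id = u.ID "
        f"WHERE m.meta_key = '{prefix}capabilities' "
        "AND m.meta_value LIKE '%administrator%' ORDER BY u.ID"
    )
    findings = []
    for uid, login, display in cur.fetchall():
        cur.execute(
            f"SELECT meta_key, meta_value FROM {prefix}usermeta WHERE user_id = ?", (uid,)
        )
        fields = [("display_name", display)] + cur.fetchall()
        # Assumption: a script hiding the row would sit in a field the Users page renders.
        reasons = [f"markup in {k}" for k, v in fields if v and "<script" in v.lower()]
        findings.append((login, reasons))
    return findings

def build_sample_db():
    """Constructed sample data mimicking the two WordPress tables queried above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, display_name TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    admin = 'a:1:{s:13:"administrator";b:1;}'      # PHP-serialized role, as WordPress stores it
    subscriber = 'a:1:{s:10:"subscriber";b:1;}'
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", [
        (1, "siteowner", "Site Owner"), (2, "reader42", "A Reader"), (3, "newuser123", "newuser123"),
    ])
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?)", [
        (1, "wp_capabilities", admin), (2, "wp_capabilities", subscriber),
        (3, "wp_capabilities", admin),
        (3, "first_name", "<script>/* constructed placeholder */</script>"),
    ])
    return conn

if __name__ == "__main__":
    for login, reasons in audit_admins(build_sample_db()):
        print(login, "SUSPICIOUS: " + "; ".join(reasons) if reasons else "known admin? verify")
```

Every administrator the query returns should be an account you recognise; one you do not recognise is worth investigating even when no markup is flagged.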
I, myself, have numerous installations that were vulnerable up until a few hours ago. The work involved in upgrading can sometimes be overwhelming, depending on the number of custom scripts and outdated plugins that have not been recently updated by the author. I have been very comfortable with 2.7.x installations and haven’t seen the need to upgrade, until today.
Don’t wait — upgrade now.
I’m sending out an email to all friends, family and clients to encourage them to upgrade to the latest 2.8.4 version of WordPress without delay. I am burning the midnight oil and will make myself available this entire extended weekend, so don’t hesitate to contact me if you need help with upgrading.
Personally, I’m happy to announce that all my blogs are patched and ready to face the dangerous world of malicious scripts and malware that plague the digital age.
So, why am I posting this on both my blog and via Posterous?
Only to point out that if you stick to using hosting solutions, like Posterous, to take care of your blogging and other social networking tasks — you are free to spend your time focusing on developing content and browsing the Internet as if nothing dangerous is happening. But, don’t take that statement to the bank, as just a few days ago I read how Brian Mastenbrook basically infiltrated the inner workings of Twitter and 37signals’ hosted Basecamp solution, due to code falling through the cracks of Ruby on Rails.
If you need to upgrade to the latest version of WordPress for your blog and are having difficulty, I’m open to inquiries and would be happy to take a look. I am offering WordPress Upgrade Support at a discounted rate, for a limited time.
This article was viewed 50+ times within the first couple minutes of being posted!
Looks like a lot of people are possibly unaware of this situation.
Have you upgraded your WordPress installation? Did you hit any snags?
Post your experience in the comments.