Upgrade Wordpress NOW
 

For those of you who have been putting off upgrading your blogs, now is the time to do it.
There's a wp worm doing the rounds inserting spam links and stuff.Apparently it's pretty efficient and the number of compromised WP installs is growing at an alarming rate.

http://lorelle.wordpress.com/2009/09...-under-attack/

http://www.journeyetc.com/uncategori...-rss-problems/

those hackers!

Fris, since you are the wp ninja I've been meaning to ask you something:
Is there any way to upgrade several blogs on various hosts automatically?

I've been thinking of installing WP Mu since I mostly use the same plugins on all my blogs and it might be easier to just use a single wpmu installation instead of going in and updating each one individually.

Is this a good idea?

whats the point of updating if...

Reports are that this attack impacts ALL versions of WordPress up to 2.8.3 and 2.8.4, the most recent release.

I think we can insert a timeline pic here....

http://www.nnteenmodels.net/gfy/timeline.jpg

:1orglaugh:1orglaugh:1orglaugh

What are you supposed to upgrade to? That first link has people saying that 2.8.4 got exploited too!

Why not just change your version number to a non-existent one, and move your admin directory?

remove_action('wp_head', 'wp_generator');

Hehe that obviously wasn't there when I posted this. When I read that site, it said that only versions prior to 2.8.4 were vulnerable.

This sucks.

Damm ........

htaccess password protect your admin area.

What he said. And disallow any ip but your own...

ya best way is to use htaccess in your admin area

http://www.wptavern.com/top-5-wordpr...ly-dont-follow

There are people reporting that their 2.84 versions are being hacked with this, but it appears they are just people that had older versions that were already hacked, then they just upgraded over top of the hacked site (they may or may not have known it was hacked already), which was too late.

Show me a link to a hacked wordpress site or it didn't happen...

just turn off the 777 settings after you finish editing your blog. Then nothing can be modified. Lots of peeps forget to do that.

Thanks for the advise :)

I was one of the dumb people who dont give a jerk about security
Until i got flipped years ago by it..You need to feel to believe i think.

Stop acting like your blind, and follow those 5 simple steps to disappear from the eye of the bad one. You dont want your shit to be hacked I am SURE!!!!!!!!!!


DO THOSE TIPS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

PS i Use the Admin Redirect
I have asked many to access it, they only see my main site
Their IP is not allowed to come even close to what is called ADMIN

This is one of the best basic " Safe your own ass " things you can do
Takes you 5 minutes to upload one file to your wp-admins


PS i thank GFY for making me aware of those issues more. Turning a blind eye here is not so easy when you want to make some money. Props to Fris!

I've script that checks CRC of my PHP files every 15minutes.

I always laugh when I see this... :1orglaugh:1orglaugh:1orglaugh:1orglaugh

I suck at HTACCESS, could someone post the code for the admin area?

but please be careful!! first back up your data and then upgrade your wp script :)