wp Security Threat: WordPress Under AttackWe’re hearing of numerous reports that older versions of WordPress are exposed to security threats. WordPress is one of the largest blogging engines with over 5,317,360 - and counting - downloads for their latest version, 2.8. Many large blogs, including TechCrunch, rely on WordPress to get the news out and post content online.

Writes Lorelle on her WordPress-centric blog:

There are two clues that your WordPress site has been attacked:

First, there are strange additions to permalinks, such as example.com/category/post-title/7B$5BHTTP_REFERER7D/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.

To prevent this attack, if you have not done so already, update your WordPress install immediately to the latest version. Change all your passwords to a strong password (cough), including WordPress blog access for all users, database, FTP, control panels, etc. These are all highly recommended procedures.

Automattic, WordPress’ parent company, hasn’t commented on this issue, but we’ll keep everyone updated. In the meantime, we urge you to update your WordPress blog immediately.

(Image via Developer Tutorials)

Crunch Network: CrunchGear drool over the sexiest new gadgets and hardware.

TechCrunch50 Conference 2009: September 14-15, 2009, San Francisco


71a7ba935d5cf5e8dba355aa787fcd35 Security Threat: WordPress Under Attack

67301164d96328d1db32a36554564b29 Security Threat: WordPress Under Attack

Security Threat: WordPress Under Attack
Security Threat: WordPress Under Attack
Security Threat: WordPress Under Attack Security Threat: WordPress Under Attack Security Threat: WordPress Under Attack Security Threat: WordPress Under Attack Security Threat: WordPress Under Attack

Security Threat: WordPress Under Attack

Tagged with: