| Portal Home | Client Area | Announcements | Knowledgebase | Support Tickets |
08/09/2009 15:33
Wordpress exploit affecting all versions pre 2.8.4
If you are using Wordpress you must make sure you upgrade it to 2.8.4 *IMMEDIATELY* or remove it from your site entirely.
Details on how to upgrade are located here: http://codex.wordpress.org/Upgrading_WordPress
Wordpress has identified that there are hackers out there, hacking sites that aren't using the most-current version of Wordpress (versions below 2.8.4 as of 05/09/2009 -- there are rumours that 2.8.5 is due to be released imminently so keep an eye out for that too).
If you have not yet been hacked, UPGRADE NOW! Immediately. Stop reading this, really, and go upgrade. If you don't know how, open a support ticket and we can help you.
Again, details on how to upgrade are located here: http://codex.wordpress.org/Upgrading_WordPress
If you have been hacked, sorry, you're going to be busy! Upgrading alone will not fix a hacked site. Mashable.com's alert said: "You'll likely need to export your all your content with the built-in XML WordPress export, uninstall and reinstall WordPress and re-import the content. It's a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too."
Not sure how to do that? It's not that difficult, but it is very time-consuming.
I cannot stress how important it is to get your Wordpress installation up-to-date, a number of our customers have reported problems in the last 48 hours, the source of these problems have been to do with out of date Wordpress installs. Remember: If your scripts are out-of-date then your site is insecure and could be hacked at any moment.
