If you’re reading this, and you still haven’t updated your WP version to 2.8.4,  STOP! There is an ongoing attack against self-hosted Wordpress sites, and so far, it has already affected hundreds of blogs worldwide. Go to your admin panel right now, update to the latest version. Other highly recommended advice are to change to stronger passwords for all your blog users, FTP and data base access. Then come back and let’s have a nice chat here.

I know, I know. Easier said and done, if you’re running just one or two personal sites. Sorry about your long working weekend – if you have hundreds of sites running older versions of Wordpress. There’s no two-ways about, it just needs to be done.

Matt Mullenweg, the founding developer of Wordpress, stresses this point in his latest update:

There is only one real solution. The only thing that I can promise will keep your blog secure today and in the future is upgrading.

The warning from Wordpress came out several hours ago from Lorelle VanFossen, detailing the nature of this ongoing attack and how to respond if your site’s security has already been breached.  According to Lorelle, the telltale indications that your self-hosted Wordpress site has been compromised are:

• strange character or code additions to your permalinks
• a second “backdoor” admin account has been created

Wordpress excels because of it’s usability, configurability, and security. Leading web security experts are constantly monitoring the software and has been pointed out, this attack has been “anticipated.” If you’ve been using pre-2.8.4 versions of the software, you must be seeing daily the upgrade nag on your admin dashboard.

You can also learn more about your software’s vulnerabilities and how to “harden” your Wordpress through this article on WP security “Hardening Wordpress.” Good luck and happy weekend!

Popularity: 37% [?]

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.