Old version WordPress blogs under security risk

September 5, 2009, Category: Security

WordPress blogs are under attack! According to the latest reports, WordPress blogs running older versions are being attacked and are at imminent security risk. Many WordPress blogs have reportedly come under attack already, and the number of affected blogs is reported to be increasing every hour. Lorrele, who writes regularly on WordPress, has advised WordPress bloggers to update their blogs immediately to the latest version of WordPress (version 2.8.4), without even reading further about the details of the attack. That is how critical the attack is by her estimate!

While all versions of WordPress could be under attack, the latest version, 2.8.4, has reportedly not come under attack so far. However, one has to keep one's fingers crossed.

It is pertinent to point out that millions of bloggers use WordPress to power their blogs. TechCrunch reports that there are more than 5 million WordPress blogs (over 5,317,360, to be precise). This shows the popularity of WordPress: it is the software of choice for blogging. Many popular brands, such as eBay, Yahoo, Digg, Ford, Wall Street Journal, Sony, New York Times, Mozilla Firefox, Wired, CNN and Network Solutions, use WordPress for their blogs.

WordPress is open-source software for powering blogs. It is supported by a vast community of experienced programmers. One can rest assured that such attacks will only make WordPress stronger. It is hoped that a security update will be issued soon, given the tremendous strength the WordPress community has displayed so far, notwithstanding many attacks in the past. One's strength is best judged in adverse circumstances. I am sure that within a few hours some security update will be released.

However, since it is mainly the older versions of WordPress that are under attack, it is of utmost importance that, if you are using an older version of WordPress to power your blog, you upgrade it forthwith. No excuse should be found to delay the upgrade. Also immediately change the passwords of all administrator users of your blog to strong passwords, if you are not using strong passwords already, and change the cPanel password for your web hosting. Read my earlier article, "How to select strong password?", for guidance on selecting strong passwords.

I am not repeating other details of the current attack. You can see more details here or here. However, I am reproducing the following details from Lorrele's blog on the symptoms that indicate whether your blog has been affected by this attack:

“There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.”

So, bloggers, better be on watch!
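
The two clues quoted above can be checked mechanically. The following is an added example, not code from this article or from Lorrele's blog: it flags a permalink value containing the "eval" / "base64_decode" calls (including percent-encoded forms) and lists administrator accounts the site owner does not recognise. The function names, the (login, role) export format and the sample user rows are assumptions made for illustration; the sample permalink is the one quoted above.

```python
import re
from urllib.parse import unquote

# The two keywords the quoted advisory names, matched as function calls.
SUSPICIOUS = re.compile(r"(eval|base64_decode)\s*\(", re.IGNORECASE)


def permalink_is_tampered(value):
    """True if a permalink structure or URL carries the injected PHP calls.

    The value is checked raw and after each round of percent-decoding, so
    forms such as eval%28 or eval%2528 are caught as well.
    """
    current = value
    for _ in range(4):  # bounded number of decoding rounds
        if SUSPICIOUS.search(current):
            return True
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return False


def unexpected_admins(users, known_admins):
    """Logins of administrator accounts that are not on the owner's list.

    users: iterable of (login, role) pairs exported from the site's user
    list (assumed format); known_admins: logins the owner created.
    """
    known = {name.lower() for name in known_admins}
    return [login for login, role in users
            if "administrator" in role.lower() and login.lower() not in known]


def audit(permalink, users, known_admins):
    """Apply both checks and return a list of human-readable findings."""
    findings = []
    if permalink_is_tampered(permalink):
        findings.append("permalink contains eval/base64_decode")
    for login in unexpected_admins(users, known_admins):
        findings.append("unrecognised administrator account: %r" % login)
    return findings


# Permalink as quoted in the article; user rows are constructed sample data.
SAMPLE_PERMALINK = ("example.com/category/post-title/%&(%7B$%7Beval(base64_decode"
                    "($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")
SAMPLE_USERS = [("alice", "administrator"), ("bob", "author"),
                ("Administrator (2)", "administrator")]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PERMALINK, SAMPLE_USERS, {"alice"})))
```

An empty result from audit() only means neither of these two symptoms is present; it does not replace upgrading and changing the passwords.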

1 Comment so far
  1. Ron November 14, 2009 1:37 am

    Nice blog great work on your article keep them coming.


Copyright (c) 2009 Tech Superb. Contact: info AT techsuperb DOT com