Why You Should Upgrade
If you read this blog regularly (or even semi-regularly) you will know that I recommend upgrading WordPress whenever the dashboard tells you to. Quite apart from grabbing the latest features built into the latest releases, you also pick up any patches and security updates. If internet history tells us nothing else, it tells us that sites that aren’t serious about security end up getting taken over.
It seems that there is a site offering a seemingly legitimate version of WordPress.org which is actually a backdoored version. Which is a bit cunning and a lot malicious. So what can you do to protect yourself?
Firstly (and most importantly), only ever get your copy of WordPress from the official WordPress sites: WordPress.org (for the single blog edition) or WordPress MU (for the multi blog edition). Being the real deal, WordPress will only offer the genuine article and will not knowingly make you install software that will trash your system or will leave you open to attack. And they will patch when they know about a bug or security issue. Other sites may seem faster or better somehow, but the only way to be sure that you are downloading the genuine version is to go to the official sites.
Next, themes and plugins. If you want to be completely secure, you will only go via the WordPress plugin page and theme page. I have a small issue with this: the theme page has a limited selection; from memory, I found this theme after going to the theme directory. With plugins, I tend to start from the plugin directory and then navigate to the plugin’s web location – that way I get the latest version and access to any more documentation. The natural caveat on this, though, is that you navigate away from the tested versions at your own risk.
If you do not understand what a non-official patch or hack does, don’t use it until you have run it past someone who does. Personally, I know enough to be dangerous and know that tweaks I have applied will only, at worst, give me a blank page if they fail. The WordPress.org support forums are a good place to go to if you need help – in fact, this is a good rule to follow for any computer changes. I would also advise taking a backup of the site to ensure that if anything does go horribly wrong you can still roll back the changes.
None of this is rocket surgery (or brain science). Stick with the official releases and upgrade when the message appears, and you are making yourself as safe as you can be. If you fail to follow the advice and you do get compromised, you only have yourself to blame.