Older WordPress Versions Are Insecure
I have said this many times before: UPGRADE WORDPRESS WHEN PROMPTED. This one is in the style of “beating you about the head and body and then caning you across the eyeballs“. Why? Because a hack has been discovered that makes your older, more stable, more comfortable WordPress.org install very insecure and really you may as well make the password
Pa55w0rd – because your older version can and will be pwned.
Now that I have your attention…. Go to Lorelle‘s site, Robert Scoble‘s site and the WordPress Dev Blog to see details of this new exploit. If you have version 2.8.4 (like what I do), you are more secure. As well as upgrading, remove the default admin account and create a new one (reverse order, is good on that one), check for phantom admin accounts and make sure you are using a strong password. There are other things to do, but that will keep you going for now.
I regularly get comments such as “if I upgrade it breaks all my plugins”, “my theme doesn’t work if I upgrade now” and so on. You now get to make a value judgment: if you don’t upgrade you could end up no longer owning your blog vs giving up or changing a few plugins or a theme. Which of these is the worst case scenario for you?
Upgrade now. You know it makes sense.
Posted on 7 September, 2009, in Blogging/WordPress, Computer Stuff, Idiot's Journey, Open Source and tagged admin, hack, Hosts, Lorelle on WordPress, On the Web, ownership, Password, Robert Scoble, Templates, Vulnerability, Weblogs, wordpress. Bookmark the permalink. 29 Comments.