There are numerous reports that older versions of WordPress are exposed to security threats. WordPress is one of the largest blogging engines, with over 5,317,360 downloads (and counting) of its latest version, 2.8. Many large blogs, including TechCrunch, rely on WordPress to get the news out and post content online.
Writes Lorelle on her WordPress-centric blog:
There are two clues that your WordPress site has been attacked:
First, there are strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
Automattic, WordPress’ parent company, hasn’t commented on this issue, but we’ll keep everyone updated. In the meantime, we urge you to update your WordPress blog immediately.
To Prevent Your WordPress Blog from Attack
To prevent this form of attack, update your WordPress site IMMEDIATELY to the latest version. Change ALL passwords to a strong password immediately, including WordPress blog access for all users, database, FTP, control panels, everything.
If Your WordPress Blog Has Been Attacked
If your site has already been attacked, it appears that the hack attacks the database, going deep. We’re looking for solutions, but the easiest appears to be to export all your content with the built-in XML WordPress export (for pre-2.1 versions, try the WordPress-to-WordPress Import WordPress Plugin) and literally remove your WordPress installation totally (save images and general files). DO NOT EXPORT YOUR DATABASE! Install the latest version of WordPress and add the “clean” backup of your WordPress Theme, then import the XML export. The export will contain your posts, Pages, and comments, and hopefully no other hacked code.
“How To Completely Clean Your Hacked WordPress Installation” by Smackdown is a good article on how to reinstall WordPress after being hacked, but take care to keep your export limited to the post content and comments (and Pages), not the entire database as the hack goes into the database.
How to Respond to a WordPress Attack
WordPress has been requesting that users update as soon as an update is released for several years. They also now have an excellent team to track down this issue and quickly protect WordPress with any necessary updates.
Please blog and Twitter about the attacks. It’s important that we spread the information throughout the WordPress Community as fast as possible, encouraging everyone to update WordPress. Take care not to promote rumors, just the facts, until we know more.
If you have pertinent information that will help the WordPress team track down and stop this attack, please report it to security@wordpress.org.
Check the WordPress Support Forums for more information and support. Also check for news and announcements on security issues and updates on the WordPress Development Blog and in your WordPress blog Dashboard Panel.
Please, keep your WordPress site constantly updated. You are now informed of updates directly through the Administration Panels. Act upon it.
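The two clues quoted above can be checked mechanically. As an added example (not code from Lorelle's post or from the WordPress project), this Python script scans web-server access-log lines for request paths that decode to the `eval(` / `base64_decode(` pattern and lists administrator accounts that are not on an expected list; the log lines, the user records and the `KNOWN_ADMINS` set are constructed sample data.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Apache combined-log style (not real traffic).
# The second line carries the permalink pattern described in the post.
SAMPLE_LOG = """
203.0.113.5 - - [10/Sep/2009:12:00:01 +0000] "GET /category/post-title/ HTTP/1.1" 200 5120
203.0.113.9 - - [10/Sep/2009:12:00:07 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 5120
198.51.100.2 - - [10/Sep/2009:12:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1200
"""

# The keywords the post names as the tell-tale signs.
SUSPICIOUS = re.compile(r"eval\s*\(|base64_decode\s*\(", re.IGNORECASE)
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def suspicious_request_paths(log_text):
    """Return the raw request paths whose decoded form contains eval( or base64_decode(."""
    hits = []
    for line in log_text.strip().splitlines():
        m = REQUEST_LINE.search(line)
        if not m:
            continue  # not a request line we understand; skip it
        path = m.group(1)
        # Percent-decode twice so a double-encoded payload does not slip past the check;
        # invalid escapes such as "%&(" are left untouched by unquote().
        decoded = unquote(unquote(path))
        if SUSPICIOUS.search(decoded):
            hits.append(path)
    return hits


# Constructed user records, shaped like a dump of wp_users joined with the role capability.
SAMPLE_USERS = [
    {"login": "editor1", "role": "editor"},
    {"login": "admin", "role": "administrator"},
    {"login": "Administrator (2)", "role": "administrator"},
]
# Assumed allow-list: the administrator logins the site owner actually created.
KNOWN_ADMINS = {"admin"}


def unexpected_admins(users, known_admins):
    """Return administrator logins that are not on the owner's allow-list."""
    return [u["login"] for u in users
            if u["role"] == "administrator" and u["login"] not in known_admins]
```

Run the two functions against a real access log and a real user export; any hit from either is a reason to follow the clean-reinstall steps above rather than to patch files in place.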