That’s What We Already Said: Upgrade WordPress To Avoid Security Attack

WordPress is a widely used blogging platform, but its previous versions are now under attack. We already talked about this issue on Internet Techies at the time of the WordPress 2.8.4 release, when we explained the “Reason for Upgrade”, which was nothing but avoiding a security threat.

The latest version of WordPress, 2.8.4, includes changes to the wp-login.php file, through which attackers were able to create an Admin ID and then alter your permalinks by populating them with their own keywords. As a result, you will lose your links, your traffic and, at worst, your WordPress database. The same issue was also highlighted by TechCrunch and Mashable yesterday, based on a post from Lorelle.

According to Lorelle, there are two clues that tell you whether your WordPress blog has been attacked:

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode ($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
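The two clues above can be checked mechanically. The following is an added example, not code from the original post or from WordPress: it assumes you have copied your permalink structure and a list of (login, role) pairs out of the site, and the function names, the clean and encoded permalinks and the user list are constructed for illustration.

```python
import re
from urllib.parse import unquote

# The two keywords the post names, followed by "(" as in its sample permalink.
KEYWORDS = re.compile(r"(?:eval|base64_decode)\s*\(", re.IGNORECASE)


def permalink_is_suspicious(value, max_layers=3):
    """Return True if value contains eval( or base64_decode(, raw or percent-encoded."""
    current = value
    for _ in range(max_layers + 1):
        if KEYWORDS.search(current):
            return True
        decoded = unquote(current)  # invalid escapes such as "%&(" are left as-is
        if decoded == current:
            break
        current = decoded
    return False


def unexpected_admins(users, known_admins):
    """Return logins that hold the administrator role but are not on the allow-list."""
    known = {name.lower() for name in known_admins}
    return [login for login, role in users
            if role.lower() == "administrator" and login.lower() not in known]


# Permalink string quoted in the post, followed by constructed sample data.
POST_SAMPLE = ("example.com/category/post-title/%&(%7B$%7Beval(base64_decode "
               "($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")
CLEAN_SAMPLE = "/%year%/%monthnum%/%postname%/"  # constructed
ENCODED_SAMPLE = "/%postname%/eval%2528base64_decode%2528x%2529%2529/"  # constructed
USERS = [("siteowner", "administrator"), ("writer1", "editor"),
         ("wpsupport_x", "administrator")]  # constructed

if __name__ == "__main__":
    for sample in (POST_SAMPLE, CLEAN_SAMPLE, ENCODED_SAMPLE):
        print(permalink_is_suspicious(sample), sample)
    print(unexpected_admins(USERS, known_admins=["siteowner"]))
```

Requiring the opening parenthesis keeps ordinary slugs that merely contain the letters “eval” from being flagged.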

If you find that your WordPress shows either of the above clues, don’t panic. First of all, take a full backup of your WordPress blog, including the database. Then uninstall the older WordPress from your host server and install the latest version, i.e. WordPress 2.8.4. Next, move your data across, such as the images from “WP-Content/Upload” and then the tables through the phpMyAdmin panel. Finally, customize the WordPress dashboard for your older permalink.

If you didn’t find either of the clues explained above but still have an older version of WordPress installed on your host, then you are just waiting for the attack. We strongly recommend that you do the following ASAP:

Upgrade Your Older WordPress To WordPress 2.8.4

If you are afraid of losing your data during the upgrade, take a full backup before you start. Then go for the automatic upgrade from your WordPress Dashboard. There is nothing to worry about with a WordPress upgrade; it only takes a couple of minutes to complete. As a precautionary measure, you can disable each and every plug-in before performing the automatic upgrade and then install the latest version of each plug-in after the WordPress installation completes.

WordPress is already working on its future releases, WordPress 2.8.5 and WordPress 2.9.

For more information about securing WordPress, kindly refer to the latest post by Matt on WordPress Security.

Sanjeev Mishra is a professional blogger and an Internet Marketing Consultant based in India. He has built the Internet Techies to provide you updates in technology and web application area.
  • http://www.techfreakstuff.com Tech-Freak Stuff

    The “eval(base64_decode” string is also found in WordPress themes. For the complete detailed discussion of this topic please read my post: http://techfreakstuff.com/2009/07/what-encrypted-code-wordpress-themes-evalgzinflatebase64_decode.html

    You will really find it useful!

  • http://www.clickonf5.org Sanjeev Mishra

    @Tech-Freak Stuff Thanks a lot buddy for sharing such nice info here. Link is definitely worth reading.

  • http://blog.onesuite.com MichaelR

    Glad I saw this, we are still using the older version of WP. We might as well upgrade for the peace of mind.

    Thanks Sanjeev.

    Michael

  • http://www.clickonf5.org Sanjeev Mishra

    @MichaelR Thanks a lot Michael, I am glad that you liked the post and I will strongly recommend you to upgrade the WordPress to the latest version i.e. WordPress 2.8.4