WordPress is a widely used blogging platform, but its previous versions are now under attack. We already talked about this issue on Internet Techies at the time of the WordPress 2.8.4 release, where we explained the “Reason for Upgrade”, which was nothing but avoiding a security threat.
The latest version of WordPress, 2.8.4, includes changes to the WP-Login.php file, through which attackers were able to create an Admin ID and then alter your permalinks by populating them with their own keywords. As a result, you can lose your links, your traffic and, at worst, your WordPress database. The same issue was also highlighted by TechCrunch and Mashable yesterday, based on a post from Lorelle.
According to Lorelle, there are two clues that tell you whether your WordPress blog has been attacked:
There are strange additions to the pretty permalinks, such as
%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
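The two clues above can be checked against values exported from the database. The following is an added example, not code from the original post or from WordPress. It assumes the permalink string comes from the `permalink_structure` option and the role strings from the `wp_capabilities` user meta of a default install; the sample values and the owner's list of known administrators are constructed.

```python
import re
from urllib.parse import unquote

# Keywords named in the post; "eval" must stand alone so "medieval" is ignored.
KEYWORDS = (re.compile(r"(?<![a-z])eval(?![a-z])"), re.compile(r"base64_decode"))
# Serialized PHP role entry as stored in the capabilities user meta.
ADMIN_ROLE = re.compile(r's:13:"administrator";b:1;')

def decode_layers(value, rounds=3):
    """Return the value plus each successive percent-decoding of it."""
    layers = [value]
    for _ in range(rounds):
        decoded = unquote(layers[-1])
        if decoded == layers[-1]:
            break
        layers.append(decoded)
    return layers

def suspicious_permalink(structure):
    """Clue 1: keywords found in the raw or percent-decoded structure."""
    hits = set()
    for layer in decode_layers(structure):
        for pattern in KEYWORDS:
            match = pattern.search(layer.lower())
            if match:
                hits.add(match.group(0))
    return sorted(hits)

def unknown_admins(capability_rows, known_admins):
    """Clue 2: administrator logins that the site owner does not recognize."""
    return sorted(login for login, caps in capability_rows
                  if ADMIN_ROLE.search(caps) and login not in known_admins)

# Constructed sample data (not taken from a real site).
SAMPLE_PERMALINK = "/%year%/%postname%/%65val(base64_decode(PLACEHOLDER))%5D))%7D%7D|.+)&%/"
CLEAN_PERMALINK = "/medieval/%day%/%postname%/"
SAMPLE_ROWS = [
    ("admin", 'a:1:{s:13:"administrator";b:1;}'),
    ("editor1", 'a:1:{s:6:"editor";b:1;}'),
    ("wpsys", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    print("permalink keywords:", suspicious_permalink(SAMPLE_PERMALINK))
    print("unrecognized admins:", unknown_admins(SAMPLE_ROWS, {"admin"}))
```

The structure is checked both raw and decoded because a legitimate tag such as `%day%` begins with a valid percent escape, so decoding alone would garble it.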
If your WordPress blog shows either of the above clues, don’t panic. First, take a full backup of your WordPress blog, including the database. Then uninstall the older WordPress from your host server and install the latest version, WordPress 2.8.4. Next, move your data, such as the images from WP-Content/Upload, and then the tables through the phpMyAdmin panel. Finally, set your older permalink structure again in the WordPress dashboard.
If you did not find either of the clues explained above but still have an older version of WordPress installed on your host, then you are just waiting for the attack. We strongly recommend that you do the following as soon as possible:
Upgrade Your Older WordPress To WordPress 2.8.4
If you are afraid of losing your data during the upgrade, take a full backup before you start. Then run the automatic upgrade from your WordPress Dashboard. There is nothing to worry about with a WordPress upgrade; it only takes a couple of minutes to complete. As a precautionary measure, you can disable every plug-in before performing the automatic upgrade and then install the latest version of each plug-in after the WordPress installation completes.
WordPress is already working on its future releases, WordPress 2.8.5 and WordPress 2.9.
For more information about securing WordPress, kindly refer to the latest post by Matt on WordPress Security.