Old Wordpress is Vulnerable

  • Posted on: September 7th, 2009

Reports have been coming in from around the web that older versions of WordPress are no longer safe. WordPress is one of the largest blogging engines (its latest version has had over 5 million downloads) and is used by many large internet blogs, such as TechCrunch, to display content and deliver information.

Writes Lorelle on her WordPress-centric blog:

There are two clues that your WordPress site has been attacked:

First, there are strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.

To protect your blog, update your version of WordPress to 2.8, then change all passwords and make them stronger (such as 20-character-long keyboard mashfests). That includes the passwords for WordPress blog access for all users, the database, FTP, control panels, etc.
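Both clues quoted above can be checked mechanically. The following is an added example, not code from the original post or from WordPress: it scans access-log lines for the "eval" and "base64_decode" keywords after URL-decoding the request path, and flags administrator accounts that are not on a known list. The log lines, user names and the (login, role) export format are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Keywords named in the quoted advice, matched after URL-decoding the path.
SUSPICIOUS = re.compile(r"eval\s*\(|base64_decode\s*\(", re.IGNORECASE)
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(path, max_rounds=3):
    """URL-decode repeatedly so percent-encoded keywords are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def suspicious_requests(log_lines):
    """Return log lines whose decoded request path contains either keyword."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and SUSPICIOUS.search(decode_fully(m.group(1))):
            hits.append(line)
    return hits

def unexpected_admins(users, known_admins):
    """users: (login, role) pairs; return administrators you do not recognize."""
    known = {name.lower() for name in known_admins}
    return [login for login, role in users
            if role.lower() == "administrator" and login.lower() not in known]

# Constructed sample data (documentation IP ranges, made-up accounts).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Sep/2009:10:01:22 +0000] "GET /category/post-title/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Sep/2009:10:02:03 +0000] "GET /category/post-title/'
    '%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Sep/2009:10:02:09 +0000] "GET /category/post-title/'
    '%7B$%7Beval%28base64_decode%28$_SERVER%5BHTTP_REFERER%5D%29%29%7D%7D/ HTTP/1.1" 200 5120',
]
SAMPLE_USERS = [("admin", "administrator"), ("jane", "editor"), ("x9tmp", "administrator")]

if __name__ == "__main__":
    for line in suspicious_requests(SAMPLE_LOG):
        print("suspicious permalink request:", line)
    for login in unexpected_admins(SAMPLE_USERS, ["admin"]):
        print("unrecognized administrator:", login)
```

A hit from either check is a reason to inspect the site further; a clean result does not prove the site is unaffected.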

External Links

Wise Advice.

Original Article

“Password”

Is not a good password.

Uber-Secure password Generator