ALERT: WordPress Attack Spreading Fast – Upgrade NOW!
- September 5, 2009
WordPress developers are reporting (as announced by “Lorelle on WordPress”) that there is an ongoing ‘attack’ on older versions (prior to release 2.8.4) of the WordPress blog software. The number of sites hit is multiplying by the hour, so protect your WordPress blog immediately and UPDATE NOW!!!
Special Note: This Alert is for self-hosted WordPress installations. WordPress.com blogs are not impacted as they are up-to-date.
***Update your WordPress blog before you continue reading this post. That’s how critical this issue is.
There are two clues that your WordPress site has been attacked.
- There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
- The 2nd clue is that a “back door” has been created by a “hidden Administrator”. Check site users for an “Administrator (2)” listing or some other name you don’t recognize. If one has been created, it is highly unlikely that you will be able to access the account.
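The two clues above can be checked mechanically. The following is an added example, not code from the original post or from WordPress: it assumes you have copied your permalink values (or request paths from a log) and your user list (login and role) out of the site by hand, and all function names and sample data are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Keywords named in the post, matched only when used as a call, so that an
# ordinary slug such as "evaluation-of-plugins" is not flagged.
CALL_RE = re.compile(r"\b(eval|base64_decode)\s*\(")

def suspicious_permalink(value):
    """Return the keywords found in a permalink structure or request path."""
    decoded = value
    for _ in range(3):  # bounded loop: also catches double percent-encoding
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    return list(dict.fromkeys(CALL_RE.findall(decoded.lower())))

def unexpected_admins(users, known_admins):
    """Return administrator logins that are not on the owner's known list."""
    known = {name.lower() for name in known_admins}
    return [u["login"] for u in users
            if u["role"].lower() == "administrator"
            and u["login"].lower() not in known]

def audit(permalinks, users, known_admins):
    """Collect (indicator, value, detail) findings for both clues."""
    findings = []
    for p in permalinks:
        hits = suspicious_permalink(p)
        if hits:
            findings.append(("permalink", p, hits))
    for login in unexpected_admins(users, known_admins):
        findings.append(("admin", login, ["unrecognized administrator"]))
    return findings

# Constructed sample data: the second permalink is the string quoted in the post.
SAMPLE_PERMALINKS = [
    "example.com/2009/09/evaluation-of-plugins/",
    "example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
]
SAMPLE_USERS = [  # constructed; "wpsys" is a made-up login
    {"login": "admin", "role": "administrator"},
    {"login": "editor1", "role": "editor"},
    {"login": "wpsys", "role": "administrator"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PERMALINKS, SAMPLE_USERS, ["admin"]):
        print(finding)
```

A clean result from this check does not replace the upgrade; it only tells you whether either of the two clues is visible in the data you fed it.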
For those already affected, it is being reported that you will need to:
- Export all your content with the built-in XML WordPress exporter.
- Remove your WordPress installation completely (saving only images and general files).
- DO NOT EXPORT YOUR DATABASE! Exporting the database will result in exporting and transferring the hacked code.
- Reinstall WordPress, adding the “clean” backup of your WordPress Theme.
- Re-import your content using the XML export file.
And again, take care to keep your export limited to the post content, comments and Pages, not the entire database. Since the hack goes all the way into the database, exporting your DB will result in exporting the hacked code as well.
If you have further questions or concerns, check WordPress.com; the community is there to help.