WordPress.org


How to Keep WordPress Secure

Posted September 5, 2009 by Matt Mullenweg. Filed under Development, Security.

A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later.

Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at the users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.

The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.
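Two of the traces described above, a tampered permalink structure and an extra administrator that the users page does not show, can be checked by reading the database directly instead of trusting the admin screen. The following is an added example, not part of the original post or of WordPress itself; it assumes the standard WordPress tables (`wp_options`, `wp_users`, `wp_usermeta`) with the default `wp_` prefix, uses an in-memory SQLite database as a stand-in for MySQL, and every row in it is constructed.

```python
import re
import sqlite3

# A permalink structure holds only path literals and %tag% placeholders,
# e.g. "/%year%/%monthnum%/%postname%/". Anything else is treated as tampering.
SAFE_PERMALINK = re.compile(r"(?:/(?:%[a-z_]+%|[A-Za-z0-9_.\-])+)*/?")
# Roles are stored as a PHP-serialized array; the role name is the array key.
ADMIN_ROLE = re.compile(r's:13:"administrator";')
SAFE_PREFIX = re.compile(r"[A-Za-z0-9_]+")


def permalink_is_clean(structure):
    """True when the stored structure is empty or only paths and %tags%."""
    return SAFE_PERMALINK.fullmatch(structure or "") is not None


def audit(conn, expected_admins, prefix="wp_"):
    """Read options and role data straight from the database.

    The users page is rendered in the browser, so script injected there can
    hide a row; a direct query is not affected by that.
    """
    if not SAFE_PREFIX.fullmatch(prefix):
        raise ValueError("table prefix must be alphanumeric or underscore")
    cur = conn.cursor()
    options = dict(cur.execute(
        f"SELECT option_name, option_value FROM {prefix}options "
        "WHERE option_name IN ('permalink_structure', 'users_can_register')"))
    rows = cur.execute(
        f"SELECT u.user_login, u.user_registered, m.meta_value "
        f"FROM {prefix}users u JOIN {prefix}usermeta m ON m.user_id = u.ID "
        "WHERE m.meta_key = ? ORDER BY u.ID",
        (prefix + "capabilities",)).fetchall()
    admins = [(login, registered) for login, registered, caps in rows
              if ADMIN_ROLE.search(caps or "")]
    return {
        "permalink_clean": permalink_is_clean(options.get("permalink_structure")),
        # The worm starts by registering a user, so open registration matters.
        "registration_open": options.get("users_can_register") == "1",
        "admins": admins,
        "unexpected_admins": [a for a, _ in admins if a not in expected_admins],
    }


def build_sample_db(tampered=True):
    """Constructed sample data; no real site, account or payload is used."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT,
                                  meta_value TEXT);
    """)
    permalink = "/%year%/%monthnum%/%postname%/"
    users = [(1, "admin", "2008-01-10 09:00:00", "administrator"),
             (2, "jane", "2008-03-02 14:30:00", "editor")]
    if tampered:
        # Placeholder standing in for code appended to the structure.
        permalink += "${CONSTRUCTED_CODE_PLACEHOLDER}"
        users.append((3, "constructed_rogue", "2009-09-04 03:12:00",
                      "administrator"))
    conn.executemany("INSERT INTO wp_options VALUES (?, ?)",
                     [("permalink_structure", permalink),
                      ("users_can_register", "1")])
    for uid, login, registered, role in users:
        conn.execute("INSERT INTO wp_users VALUES (?, ?, ?)",
                     (uid, login, registered))
        caps = 'a:1:{s:%d:"%s";b:1;}' % (len(role), role)
        conn.execute("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)",
                     (uid, caps))
    return conn


if __name__ == "__main__":
    report = audit(build_sample_db(), expected_admins={"admin"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a real site the same two SELECT statements run against the MySQL database, with the prefix taken from `$table_prefix` in `wp-config.php`.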

I’m talking about this not to scare you, but to highlight that this is something that has happened before, and that will more than likely happen again.

A stitch in time saves nine. Upgrading is a known quantity of work, and one that the WordPress community has tried its darndest to make as easy as possible with one-click upgrades. Fixing a hacked blog, on the other hand, is quite hard. Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)

2.8.4, the current version of WordPress, is immune to this worm. (So was the release before this one.) If you’ve been thinking about upgrading but haven’t gotten around to it yet, now would be a really good time. If you’ve already upgraded your blogs, maybe check out the blogs of your friends, or the ones you read, and see if they need any help. A stitch in time saves nine.

Whenever a worm makes the rounds, everyone becomes a security expert and peddles one of three types of advice: snake oil, Club solutions, or real solutions. Snake oil you’ll be able to spot right away because it’s easy. Hide the WordPress version, they say, and you’ll be fine. Uh, duh, the worm writers thought of that. Where their 1.0 might have checked for version numbers, 2.0 just tests capabilities, version number be damned.

The second type of advice is Club solutions; to illustrate, I’ll quote from Mark Pilgrim’s excellent essay on spam 7 years ago, before WordPress even existed:

The really interesting thing about these approaches, from a game theory perspective, is that they are all Club solutions, not Lojack solutions. There are two basic approaches to protecting your car from theft: The Club (or The Shield, or a car alarm, or something similar), and Lojack. The Club isn’t much protection against a thief who is determined to steal your car (it’s easy enough to drill the lock, or just cut the steering wheel and slide The Club off). But it is effective protection against a thief who wants to steal a car (not necessarily your car), because thieves are generally in a hurry and will go for the easiest target, the low-hanging fruit. The Club works as long as not everyone has it, since if everyone had it, thieves would have an equally difficult time stealing any car, their choice will be based on other factors, and your car is back to being as vulnerable as anyone else’s. The Club doesn’t deter theft, it only deflects it.

Club blog security solutions can be simple (like an .htaccess file) or incredibly complex (like two-factor authentication), and they can work, especially for known exploits. Club solutions can be useful, like using a strong or complex password for your login — no one would recommend against that. (Another Club solution is switching to less-used software on the assumption, or more like the software’s claim, that it’s perfect and more secure. This is why BeOS is more secure than Linux, ahem.)

In the car world, if someone figured out how to teleport entire cars to chop shops, The Club wouldn’t be so useful anymore. Luckily for manufacturers of The Club, this hasn’t happened. Online and in the software world, though, the equivalent happens almost daily. There is only one real solution. The only thing that I can promise will keep your blog secure today and in the future is upgrading.

WordPress is a community of hundreds of people that read the code every day, audit it, update it, and care enough about keeping your blog safe that we do things like release updates weeks apart from each other even though it makes us look bad, because updating is going to keep your blog safe from the bad guys. I’m not clairvoyant and I can’t predict what schemes spammers, hackers, crackers, and tricksters will come up with in the future to harm your blog, but I do know for certain that as long as WordPress is around we’ll do everything in our power to make sure the software is safe. We’ve already made upgrading core and plugins a one-click procedure. If we find something broken, we’ll release a fix. Please upgrade, it’s the only way we can help each other.

451 Pings

RSS feed for comments on this post.

  1. [...] Source WordPress Development Blog WordPressWordPress Development Blog [...]

    Pingback from How to Keep WordPress Secure | blog.if-else.fr on September 5, 2009

  2. [...] It seems there’s a worm on the loose that is targetting older versions of WordPress – so spending the time to upgrade now could save you a lot of time should you get attacked.  Full details of the situation from WordPress central: How to keep WordPress secure [...]

    Pingback from Upgrade your WordPress on September 5, 2009

  3. [...] How to Keep WordPress Secure, by me on the WordPress dev blog. ¶ [...]

    Pingback from Keep WordPress Secure — Matt Mullenweg on September 5, 2009

  4. [...] O próprio Matt acaba de postar um artigo acalmando a comunidade wordpress e garantindo que a versão atual (2.8.4) é imune ao worm que [...]

    Pingback from WordPress sob ataque! Atualize agora! on September 5, 2009

  5. [...] some great advice from WordPress.org regarding this issue. SHARETHIS.addEntry({ title: "WordPress blogs under attack!", url: [...]

    Pingback from WordPress blogs under attack | The Tech News Blog on September 5, 2009

  6. [...] This evening’s announcement from Matt Mullenweg at WP. It’s more detail on how this happened, and urges us to upgrade. [...]

    Pingback from Malicious Hack on September 5, 2009

  7. [...] Mantenha seu WordPress atualizado Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts. continua em wordpress.org [...]

    Pingback from Mantenha seu WordPress atualizado » CrisDias weblog on September 5, 2009

  8. [...] you should stop what you are doing and head over to this post on the WordPress development blog: How to Keep WordPress Secure. It discusses a worm which is currently doing the rounds, attempting to exploit older versions of [...]

    Pingback from Serious WordPress vulnerability at Data Circle on September 5, 2009

  9. [...] from WordPress Blog. How to Keep WordPress Secure by Matt. WordPress is a community of hundreds of people that read the code every day, audit it, [...]

    Pingback from MOHDRAFIE.CO.UK » Why WordPress is our all-time favourite on September 5, 2009

  10. [...] : Blog WordPress WordPress CMS [...]

    Pingback from TiChou » WordPress : Un vers exploite les failles de sécurité des blogs on September 5, 2009

  11. [...] Ďalší článok o tom ako zachovať váš WordPress bezpečný: http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from WordPress 2.8.4 alá ďalšia bezpečnostná záplata AKTUALIZOVANÉ!!! « WordPress.sk on September 5, 2009

  12. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from WordPress Responds to Attack: “Please Upgrade” on September 5, 2009

  13. [...] In response to How to Keep WordPress Secure [...]

    Pingback from Milburn - Blog Archive – WordPress Security Questions on September 5, 2009

  14. [...] can also read a very informative post regarding WordPress security, by Matt Mullenweg, on the official WordPress [...]

    Pingback from WordPress users: Upgrade to 2.8.4 now! | Vancouver Web Hosting, Vancouver WordPress Hosting: dazil Internet Services on September 5, 2009

  15. [...] of WordPress. Automattic contributes to WP.org like many other companies do. Mullenweg published a blog post mentioning what steps people should take to ensure their WordPress blog is [...]

    Pingback from Security Threat: WordPress Under Attack on September 5, 2009

  16. [...] case you missed it, here is an article about keeping your WordPress installation safe. It begins with the old proverb [...]

    Pingback from Keeping WordPress Secure :: novapages.com on September 5, 2009

  17. [...] rarely mention WordPress stuff here but if you haven’t upgraded your site to 2.8.4, read this post by Matt. Please upgrade, you’ll be hacked otherwise! Category: Canon 20D, Ireland, Kerry, [...]

    Pingback from Tipping Over on September 5, 2009

  18. [...] WordPress founder Matt Mullenweg talks about how to keep WordPress secure. [...]

    Pingback from WordPress Under Attack, Upgrade Now on September 5, 2009

  19. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ a few seconds ago from Gwibber [...]

    Pingback from Philippe Scoffoni (pscoffoni) 's status on Saturday, 05-Sep-09 21:14:11 UTC - Identi.ca on September 5, 2009

  20. [...] Matt Mullenweg gives his perspective of how to keep WordPress secure. [...]

    Pingback from Keep WordPress Up to Date and Stay Secure — Another Blogger on September 5, 2009

  21. [...] WordPress › Blog » How to Keep WordPress Securewordpress.org [...]

    Pingback from WordPress › Blog » How to Keep WordPress Secure « Netcrema – creme de la social news via digg + delicious + stumpleupon + reddit on September 5, 2009

  22. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from WordPress Responds to Attack: “Please Upgrade”  on September 5, 2009

  23. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ a few seconds ago from Twhirl [...]

    Pingback from Philip Oakley (outserve) 's status on Saturday, 05-Sep-09 21:28:17 UTC - Identi.ca on September 5, 2009

  24. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ a few seconds ago from Twhirl [...]

    Pingback from philip oakley (philoakley) 's status on Saturday, 05-Sep-09 21:28:41 UTC - Identi.ca on September 5, 2009

  25. [...] de rest van bericht, wat overigens de moeite waard is om te lezen moet je hier zijn. Deel en bookmark [...]

    Pingback from Matt reageert op de recente WordPress hack : WordPress Dimensie on September 5, 2009

  26. [...] is an ongoing attack on self installed WordPress [...]

    Pingback from note to self » Older WordPress Versions Under Attack on September 5, 2009

  27. [...] The good thing is that upgrading is pretty easy with 2.8 and beyond.  For more, check out: How to Keep WordPress Secure. If you like this post, please share it. Much appreciated it [...]

    Pingback from Security Alert – Upgrade to Latest Version of WordPress | wujimon taiji blog on September 5, 2009

  28. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from WordPress Responds to Attack: “Please Upgrade” | Internet Marketing KB on September 5, 2009

  29. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from WordPress Responds to Attack: "Please Upgrade" - WordPress Tutorials on September 5, 2009

  30. [...] article telling on how to keep your wordpress more secure from attacks. You can read the full post here A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for [...]

    Pingback from How to Keep your WordPress more Secure | RaiCiego.com on September 5, 2009

  31. [...] #wordpress upgrade immediately or be sorry http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Mike Linksvayer (mlinksva) 's status on Saturday, 05-Sep-09 22:14:44 UTC - Identi.ca on September 5, 2009

  32. [...] Details are here (and also on WordPress’s site). [...]

    Pingback from WordPress blogs under attack from hack attack @ Technology News on September 5, 2009

  33. [...] from cyber-catastrophes, but, instead, a little good-old-fashioned digital self-help!  From the WordPress Blog: WordPress is a community of hundreds of people that read the code every day, audit it, update it, [...]

    Pingback from WordPress Worm: Cyber-Security Begins at Home — Technology Liberation Front on September 5, 2009

  34. [...] [...]

    Pingback from ∞ | DZine-Studios on September 5, 2009

  35. [...] versions below 2.7 are highly venerable to this attack. Matt Mullenweg founder of WordPress has responded in the WordPress Blog [...]

    Pingback from WordPress Under Attack, Upgrade To 2.8.4 ASAP on September 5, 2009

  36. [...] Well, mystery solved – this just in from WordPress: [...]

    Pingback from WordPress Worm Attacks Outdated Versions – Upgrade to 2.8.4 Now! : Fansite Blogger – Experience, Tips and Advice for Fansite Owners on September 5, 2009

  37. [...] Then I saw this. [...]

    Pingback from Richard Wilkinson » Blog Archive » Upgraded to 2.8.4… on September 5, 2009

  38. [...] Sharp­ish. ‘Old’ means any­thing prior to the cur­rent ver­sion, or the one before that, accord­ing to Matt Mul­len­weg. It’ll be inter­est­ing to see if folk jump ship over this. (Where to, I don’t [...]

    Pingback from Wormpress on September 5, 2009

  39. [...] WordPress users, watch out: http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Willy manga (ongolaboy) 's status on Saturday, 05-Sep-09 22:50:02 UTC - Identi.ca on September 5, 2009

  40. [...] Matt goes into specifics about this worm and the importance of upgrading over on the dev blog and I encourage you to go read it. [...]

    Pingback from Secure your WordPress Blog. Upgrade Now! | Swank Web Style Blog on September 5, 2009

  41. [...] How to Keep WordPress Secure | WordPress 〈WordPress を安全に保つために〉 [...]

    Pingback from 2009年9月06日(日) « maclalala:link on September 5, 2009

  42. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from WordPress responds to attacks | Just Social on September 5, 2009

  43. [...] NEWEST UPDATE: OFFICIAL RESPONSE FROM WORDPRESS [...]

    Pingback from Breaking: WordPress MySQL injection – how to fix latest attack %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/ | AndySowards.com :: Professional Web Design, Development, Programming Freelancer, Hacks, Downloads, Math and being a W on September 5, 2009

  44. [...] How to Keep WordPress Secure at WordPress Development Blog [...]

    Pingback from Worm Affecting WordPress 2.8.2 and Earlier « wlair.us.to on September 5, 2009

  45. [...] the WordPress Development Blog: September [...]

    Pingback from Wright On! » Upgrade your WordPress Blog – or suffer on September 5, 2009

  46. [...] WordPress › Blog » How to Keep WordPress Secure. [...]

    Pingback from WordPress › Blog » How to Keep WordPress Secure - MINDQILA on September 5, 2009

  47. [...] du intresserad av tekniska detaljer och är bra på engelska kan du läsa WordPress-bloggen. Mitt förslag är att du uppgraderar först, läs sen. Uppgradering är enkel, oavsett om du [...]

    Pingback from Säkerhetuppdatering av WordPress – Ta det här på allvar och uppgradera PUNKT NU on September 6, 2009

  48. [...] – Check out a great post by the WordPress.Org team on how to keep your WordPress secure – – a stick in time, saves nine (A/K/A/ – always upgrade your WordPress installation [...]

    Pingback from [UPDATED] Early versions of WordPress under attack – upgrade to 2.8.4 today! | Blogs About Hosting on September 6, 2009

  49. [...] 以下は、2009年9月5日に書かれた WordPress.org 公式ブログの記事、「How to Keep WordPress Secure」を訳したものです。本文内のリンク先はすべて英語ページです。 [...]

    Pingback from WordPress | 日本語 » WordPress を安全に使い続ける方法 on September 6, 2009

  50. [...] Mullenweg, BDFL of WordPress weighs in on what you can do: “I’m talking about this not to scare you, but to highlight that this is something that has [...]

    Pingback from How to keep you WordPress blog secure « The Pageman in Kabul on September 6, 2009

  51. [...] Read the rest [...]

    Pingback from WordPress self hosted blogs attack warning! | Blog Tips | johnmryan.com on September 6, 2009

  52. [...] WordPress › Blog » How to Keep WordPress Secure. Share with [...]

    Pingback from WordPress.org Warns of Active Worm Hacking Blogs - Bits & Pieces on September 6, 2009

  53. [...] Nach allem, was so nach und nach durchsickert, haben mich ein paar Besonderheiten meines Blogs vor Schlimmerem bewahrt. Offensichtlich lädt die Attacke normalerweise ein Skript von chinesischen Servern nach. Dieses Skript läuft dann auf dem Server mit Root-Rechten und tut….das weiß man noch nicht ganz genau. [...]

    Pingback from Media Addicted wurde gehacked | Media Addicted on September 6, 2009

  54. [...] is a new wordpress worm going around right now.  This worm affects all versions prior to version 3.8.4.  I recommend [...]

    Pingback from Honest Services » Blog Archive » WordPress Worm on September 6, 2009

  55. [...] For more information, see the WordPress blog. [...]

    Pingback from WordPress blog update necessary on September 6, 2009

  56. [...] reading: WordPress’ head honcho Matt has produced a detailed post about the worm and the importance of [...]

    Pingback from WordPress Attack: How to protect your blog when you don't know MySQL from My Little Pony | Corporate Blogger | Business Blogging, Web 2.0 & Social Media Marketing for SMEs on September 6, 2009

  57. [...] Don’t keep up with security updates How to keep WordPress secure. [...]

    Pingback from Scoble got his WordPress blog hacked | wisefaq.com on September 6, 2009

  58. [...] them to the comment box of any affected posting. If you have a WordPress site, here are the latest instructions as to what to do (if you haven’t been hit, and haven’t upgraded, upgrade.) In the [...]

    Pingback from Technical difficulties, malice afflict WordPress sites, including this one | Chance of Rain on September 6, 2009

  59. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from SociaListed » WordPress Responds to Attack: “Please Upgrade” on September 6, 2009

  60. [...] just read that there’s this new and ‘clever’ worm moving about attacking sites using older versions of wordpress. if you’re running the latest [...]

    Pingback from noel alanguilan » secure your wordpress on September 6, 2009

  61. [...] interwebs are abuzz with concerns about WordPress security this weekend. If you use WordPress, you should always make sure you are running to the latest [...]

    Pingback from WordPress Security/Upgrade Help | alexking.org on September 6, 2009

  62. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from WordPress Responds to Attack: “Please Upgrade” | Increase Targeted Web Site Traffic on September 6, 2009

  63. [...] being hit – by a worm that affects any old (ie before 2.8.4) version.Details are here (and also on WordPress's site). As Matt Mullenweg, who has played a key part in the development and commercialisation of [...]

    Pingback from WordPress blogs under hack attack - Front Page News - NewsSpotz on September 6, 2009

  64. [...] by Jayvee Fernandez If you haven’t yet upgraded to the latest version of WordPress 2.8.4, then it is high time you should. WordPress.org is under attack and the potential damage to its users is high. Matt writes, Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts. [...]

    Pingback from WordPress.org under attack; reason to upgrade to 2.8.4 | The Blog Herald on September 6, 2009

  65. [...] Original source : http://wordpress.org/development/2009/09/keep-word… [...]

    Pingback from Matt Mullenweg on How to Keep WordPress Secure « on September 6, 2009

  66. [...] Automattic contributes to WordPress.org like many other companies do. Mullenweg published a blog post mentioning what steps people should take to ensure their WordPress blog is [...]

    Pingback from Technology blog » Security Threat: WordPress Under Attack on September 6, 2009

  67. [...] Scoble got hacked = Matt explains what happened and what we have to do……….. [...]

    Pingback from Marc's Voice » Labor Day blogging ‘09 on September 6, 2009

  68. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from WordPress Security Flaw | OPEN Advertising News Blog on September 6, 2009

  69. [...] Matt Mullenweg: Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it (How to keep your WordPress Secure). [...]

    Pingback from Just Spreading The Word: Upgrade Your WordPress to the Latest Version at margjakob.net on September 6, 2009

  70. [...] How to Keep WordPress Secure – WordPress.org WordPress blogs falling prey to worm – CNN WordPress.org Warns of Active Worm Hacking Blogs – Slashdot [...]

    Pingback from WordPress worm « TBH CREW on September 6, 2009

  71. [...] employ the press tools in their possession to inform one another, that's citizen journalism."How to Keep WordPress SecureWordPress Blog | September 5, 2009Daniel Bachhuber says: Keep your blog up to date. It's that [...]

    Pingback from Make sure your WordPress site is up to date | CoPress on September 6, 2009

  72. [...] WordPress Dougal Campbell: Checking Your WordPress SecurityMatt: Keep WordPress SecureDev Blog: How to Keep WordPress SecureWeblog Tools Collection: WordPress Theme Releases for 09/05Weblog Tools Collection: Old WordPress [...]

    Pingback from Old WordPress Versions Under Attack « Lorelle on WordPress on September 6, 2009

  73. [...] הרשמי של וורדפרס פורסמה היום הבהרה בנוגע לאבטחה של בלוגים שפועלים תחת וורדפרס, בעקבות פרסומים רבים בימים האחרונים על מתקפה חמורה [...]

    Pingback from WordPress | וורדפרס בעברית » וורדפרס ואבטחה on September 6, 2009

  74. [...] VIA:  http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Xunil Solutions » Blog Archive » The importance of upgrading your wordpress on September 6, 2009

  75. [...] 2.8.4.  A worm is doing a lot of damage to blogs that have not been updated, but according to WordPress, 2.8.4 is immune to this threat.  If you haven’t updated to 2.8 yet, there are several steps [...]

    Pingback from Eliminate Current WordPress Security Risk | Customized Marketing on September 6, 2009

  76. [...] WordPress %26rsaquo; blog » How to Keep WordPress Secure Club blog security solutions can be simple (like an .htaccess file) or incredibly complex (like two-factor authentication), and they can work, especially for known exploits. Club solutions can be useful, like using a strong or complex … [...]

    Pingback from blog | You Asked For It Blog on September 6, 2009

  77. [...] but sometimes it is very helpful, as in this case where I am a fan of WordPress and they linked to their blog where they wrote about the worm that is infecting old WordPress sites. This got me updating all my [...]

    Pingback from Worms in WordPress, so update to 2.8.4 | Laura J. Rinaldi on September 6, 2009

  78. [...] How to Keep WordPress Secure Posted by zen   @   5 September 2009 0 comments Tags : hack , wordpress [...]

    Pingback from ZENVERSE – Old WordPress Version Under Attack. Upgrade Now! on September 6, 2009

  79. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from WordPress Responds to Attack: “Please Upgrade” - Summer Of Innovation 2009 on September 6, 2009

  80. [...] via Twitter, qu’il s’agissait d’une attaque d’envergure. Les spécialistes envisagent que d’autres modifications, invisibles, puissent avoir été effectuées. Il est préconisé de totalement supprimer son blog et de le [...]

    Pingback from Attaque de mon blog & perturbations à venir | Alter Gusto - recettes de cuisine on September 6, 2009

  81. [...] Remote Desktop 3.3.1 Client Update Now AvailableSnow Leopard and Rosetta Interesting on the WebHow to Keep WordPress SecureOld WordPress Versions Under AttackSnow Leopard's Four Best Improvements (for Civilians)MacJury [...]

    Pingback from An Eclectic Mind » Interesting Links, September 5, 2009 on September 6, 2009

  82. [...] If you don’t believe me, just ask Matt. [...]

    Pingback from Do the updates! « TechProfound on September 6, 2009

  83. [...] the full article on WordPress Blog – How To Keep WordPress Secure Share and [...]

    Pingback from How To Keep WordPress Secure | Online Tips on September 6, 2009

  84. [...] are reporting that their sites are being compromised by hackers. WordPress founder Matt Mullenwag has confirmed that older versions can be compromised by hackers through a security hole that has been patched in [...]

    Pingback from Self-hosted WordPress sites under attack : TechVi: Technology matters. on September 6, 2009

  85. [...] Parece que al contrario de lo que pensaba, WordPress 2.8.4 no se ve afectado por este error, por lo que si tenéis WordPress actualizado no hace falta que os calentéis la cabeza con el tema [...]

    Pingback from Otra solución al Administrador Fantasma de WordPress | Sumolari.com on September 6, 2009

  86. [...] Parece que al contrario de lo que pensaba, WordPress 2.8.4 no se ve afectado por este error, por lo que si tenéis WordPress actualizado no hace falta que os calentéis la cabeza con el tema [...]

    Pingback from Solución temporal al problema del Administrador Fantasma de WordPress | Sumolari.com on September 6, 2009

  87. [...] are some more links to review from experts and fortify your site as much as possible. Of course, you may also reconsider moving into relative [...]

    Pingback from adir1 » Blog Archive » WordPress Security Breach – First Response Steps on September 6, 2009

  88. [...] latest WordPress worm, as described in Matt Mullenweg’s recent post titled How to Keep WordPress Secure, uses javascript on the user page to hide the backdoor administrator account. It’s not enough [...]

    Pingback from LlamaLabs » Archive » Monitoring Your WordPress Administrator User List on September 6, 2009

  89. [...] ko nga sa http://wordpress.org/development/2009/09/keep-wordpress-secure/ ung security issue sa kasalukuyang version ng wordpress ko kaya inupgrade ko na siya. Baka mahack [...]

    Pingback from Icarus II » Blog Archive » Just upgraded to 2.8.4 on September 6, 2009

  90. [...] Automattic contributes to WordPress.org like many other companies do. Mullenweg published a blog post mentioning what steps people should take to ensure their WordPress blog is [...]

    Pingback from Kanha.info » Blog Archive » Security Threat: WordPress Under Attack on September 6, 2009

  91. [...] muy nuevo, salvo… “¿mantener WP actualizado?” De hecho, Matt Mullenweg se pronunció respecto al reciente susto que hemos pasado diciendo: “La única cosa que puedo [...]

    Pingback from Seguridad en WordPress | Chica Blogger on September 6, 2009

  92. [...] בימים הקרובים צפויה מתקפה על בלוגים ואתרים מבוססי Wordpres… [...]

    Pingback from קישורי מדיה חברתית מהשבוע האחרון (30.8-5.9) | Blinkit - הבלוג של בלינק on September 6, 2009

  93. [...] Anyway, Matt also wrote an article on How to keep WordPress secure. [...]

    Pingback from i.justrealized: Round up on WordPress and opensource vulnerability on September 6, 2009

  94. [...] WordPress posted up a blog post about a worm that is currently doing the rounds against old, unpatched versions of WordPress (versions < [...]

    Pingback from The WordPress bogeyman is doing the rounds | :neil_middleton on September 6, 2009

  95. [...] – How to keep your WordPress blog secure [...]

    Pingback from Running WordPress.org on your own servers is a lot harder than just having them hosted {for free} on WordPress.com. | Midas Oracle .ORG on September 6, 2009

  96. [...] people are running 2.7 or lower. WordPress founder, Matt Mullenweg, posted on WordPress.org the importance of keeping your WP installation secure. Right now there is a worm making its way around old, unpatched versions of WordPress. This [...]

    Pingback from WordPress Virus requires all WP blogs to upgrade to defend against the worm | Michael Bubbo on September 6, 2009

  97. [...] Mullenweg schreibt im WordPress Blog 2.8.4, the current version of WordPress, is immune to this worm. (So was the release before this [...]

    Pingback from WordPress Blogs JETZT AKTUALISIEREN! Gefährlicher Wurm unterwegs : BlogGezwitscher on September 6, 2009

  98. [...] „A stitch in time saves nine” , iar un echivalent românesc al proverbului ar fi „Paza bună trece primejdia rea”. http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Versiunile mai vechi de WordPress se află sub asediu. SQL Injection on September 6, 2009

  99. [...] How to Keep WordPress Secure Posted September 5, 2009 by Matt. Filed under Development, Security. [...]

    Pingback from Upgrade Completed « Security Enthusiast on September 6, 2009

  100. [...] just upgraded WordPress – mainly because of the recent security thread (although I usually keep it reasonably up to date it has been a few months since my last upgrade) – [...]

    Pingback from Mailund on the Internet » Blog Archive » Why did the upgrade eat my stats? on September 6, 2009

  101. [...] de WordPress et des plugins, pour les versions antérieures, suivez le guide…, Lisez aussi le superbe article de Matt Mullenweg sur la meilleure façon de garder son blog [...]

    Pingback from Driss & Nada – Foolish Xperience» Archives du Blog » Blog sous WordPress attaqués !!! on September 6, 2009

  102. [...] Have you upgraded – Important reason why you should Sep 06, 2009 in information WordPress just made a post on their blog titled How to Keep WordPress Secure [...]

    Pingback from Have you upgraded – Important reason why you should | WordPress Made Easy on September 6, 2009

  103. [...] are the only versions immune to a worm that recently appeared for WordPress, as the WordPress Blog announces. The worm apparently registers itself as a user, then, making use of some bugs of [...]

    Pingback from Vierme pentru WordPress - kandrei.ro on September 6, 2009

  104. [...] think it's the same issue) it's sites that haven't been upgraded to the latest secure version of WP WordPress › Blog How to Keep WordPress Secure So everyone, go upgrade to 2.8.4 pronto! __________________ Melinda WAHM Biz Builder Tips for [...]

    Pingback from WARNING - WordPress blog hack - eval(base64_decode( on September 6, 2009

  105. [...] say, update now to the latest version (2.8.4). It is the only one immune to a worm that is wreaking havoc on WordPress blogs on servers [...]

    Pingback from Pon a salvo tu WordPress | Mangas Verdes on September 6, 2009

  106. [...] Matt Mullenweg, the creator of WordPress, also has these recommendations on hardening the security on your site. [...]

    Pingback from Bits & Pieces » WordPress under attack on September 6, 2009

  107. [...] WordPress › Blog » How to Keep WordPress Secure WordPress official response to the SQL Injection attacks going on (tags: webdesign blog wordpress blogging php work toread security hack learn seguridad updates) [...]

    Pingback from #WDNDL For 9/06/2009 – WordPress! | AndySowards.com :: Professional Web Design, Development, Programming Freelancer, Hacks, Downloads, Math and being a Web 2.0 Hipster? on September 6, 2009

  108. [...] How to Keep WordPress Secure by Matt Mullenweg [...]

    Pingback from Angriffe auf alte WordPress-Installationen | Webseiten-Infos.de on September 6, 2009

  109. [...] say, update now to the latest version (2.8.4). It is the only one immune to a worm that is wreaking havoc on WordPress blogs on servers [...]

    Pingback from Pon a salvo tu WordPress : Blogografia on September 6, 2009

  110. [...] Blog – How to Keep WordPress Secure Also Read Upgrade to WordPress 2.3.2An Unexpected WordPress 2.8.2 Security PatchWordPress 2.8 [...]

    Pingback from Upgrade to Keep WordPress Secure | Kabatology ~ Open Source, Linux on September 6, 2009

  111. [...] on this subject. Since yesterday there has been something of a stir in the WordPress community because a worm is on the loose and, according to the specialists, it is smarter than the others because it simulates the registration [...]

    Pingback from Important, faites la mise à jour de WordPress pour protéger votre blog on September 6, 2009

  112. [...] update your #wordpress, folks http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Brianna Laugher (pfctdayelise) 's status on Sunday, 06-Sep-09 12:34:11 UTC - Identi.ca on September 6, 2009

  113. [...] comments Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug [...]

    Pingback from How to Keep WordPress Secure at propaganda press! freedom now on September 6, 2009

  114. [...] blog/article from the wordpress developers strongly encourages you to [...]

    Pingback from Time to update your wordpress software! « Dusk's on September 6, 2009

  115. [...] September 2009, 14:59 Filed under: General, WordPress – Old WordPress Versions Under Attack – How to Keep WordPress Secure – Update, update, then don’t say we didn’t tell you – WordPress Attack Underway: [...]

    Pingback from L’argomento della domenica #1 « FanStress | Tutto quello che ho imparato sui Fansites… ma anche no! on September 6, 2009

  116. [...] How to Keep WordPress Secure [...]

    Pingback from [Security Alert] Upgrade Your WordPress Blog | tanyabeaudoin.com on September 6, 2009

  117. [...] this, as a first step I recommend not missing the post by “the great Matt” titled How to Keep WordPress Secure [...]

    Pingback from یک پست مهم: وردپرس زیر حمله است. شاید شما همین الان در حال هک شدن هستید! | OnlineP30.ir on September 6, 2009

  118. [...] attack by a worm tailored to a weakness that existed in older versions of the blogging software. Here’s the scoop. Right now there is a worm making its way around old, unpatched versions of WordPress. This [...]

    Pingback from Some good advice from the WordPress developers « Quotulatiousness on September 6, 2009

  119. [...] reports Matt Mullenweg, a particularly dangerous worm manages to register itself as an administrator user [...]

    Pingback from WordPress sotto attacco: aggiornare subito, please! | Edit - Il blog di HTML.it on September 6, 2009

  120. [...] Codex. However, most of this effort could be in vain unless you ensure that you always try to run the latest version of WordPress. Updates are announced via your WordPress dashboard and can be installed automatically with just a [...]

    Pingback from New WordPress Install: Things I Learnt Along the Way | Outpt. on September 6, 2009

  121. [...] to quote Matt Mullenweg, WordPress chief: “If you’ve been thinking about upgrading but haven’t [...]

    Pingback from Smetty’s Soapbox » Blog Archive » WordPress worm on September 6, 2009

  122. [...] guessing you just read Matt M's latest post … http://wordpress.org/development/200…dpress-secure/ Personal blog | Twitter Menu plugin | Template Generator | WordPress themes 1, 2, 3 and [...]

    Pingback from WordPress Security is About More than WordPress - WordPress Tavern Forum on September 6, 2009

  123. [...] Details are here (and also on WordPress’s site). [...]

    Pingback from WP under attack! « Pandemonium on September 6, 2009

  124. [...] WordPress › Blog » How to Keep WordPress Secure – Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts. [...]

    Pingback from Link Report for September 4th through September 6th | Goldstein Media Blog on September 6, 2009

  125. [...] WordPress › Blog » How to Keep WordPress Secure A good post by Matt on WordPress.org blog, underlining once again how important it is to upgrade your blog. (tags: WordPress security) [...]

    Pingback from links for 2009-09-06 | Links | WereWP on September 6, 2009

  126. [...] from WordPress on Attack: How to Keep WordPress Secure. Information on the most recent update of WordPress that prevented this attack on updated WordPress [...]

    Pingback from Self-hosted WordPress users need to upgrade to newest version immediately « So You Want To Be A Waiter on September 6, 2009

  127. Hacker attackieren ältere WordPress Versionen…

    More and more hackers are attacking older WordPress versions. Everyone who has not yet done so should therefore update to the newest WordPress version, currently 2.8.4. Hackers exploit the security holes, as for example in version …

    Trackback from Jiinx.net on September 6, 2009

  128. [...] wordpress – keep wordpress secure [...]

    Pingback from Upgrade wordpress anda Sekarang! | Gadget and Stuff on September 6, 2009

  129. [...] Update #1 – Wow, looks like other WordPress users were not so lucky. Here’s WordPress’s Matt’s take. [...]

    Pingback from Updated WordPress! « The Sunjay Times on September 6, 2009

  130. [...] You can find the complete story on WordPress.org, How to keep WordPress Secure [...]

    Pingback from Better safe than sorry – Upgrade WordPress Today | Featured on September 6, 2009

  131. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from SCS Tambayan » WordPress Responds to Attack: “Please Upgrade” on September 6, 2009

  132. [...] have been a number of vulnerabilities discovered in WordPress since it started, including one earlier this month. They all have pretty much the same objective: to try to get access to your blog in order to post [...]

    Pingback from Has your WordPress been hacked? | Paul Maunders | Web log on September 6, 2009

  133. [...] I read an important article for those who use WordPress as blog platform, grab this from WP development blog please read and upgrade your WordPress [...]

    Pingback from Secure Your WordPress, Upgrade Immediately « Daily Project™ on September 6, 2009

  134. [...] This was bound to happen, apparently there’s a worm spreading over the Internet attacking WordPress-based blogs by taking advantage of a vulnerability in older versions. [...]

    Pingback from AviDardik.com » Blog Archive » WordPress Worm Attack on September 6, 2009

  135. [...] version of wordpress to wordpress 2.8.4. I’ve been meaning to do this for a while now, but wanting to avoid yesterday’s worm prompted me to do it this weekend rather than [...]

    Pingback from Ted Naleid » Updated wordpress on September 6, 2009

  136. [...] per a recent post on the WordPress blog, this is how the worm operates. Right now there is a worm making its way around old, unpatched [...]

    Pingback from [Security] Update Your WordPress Blog To WordPress 2.8.4 Now | Technofriends on September 6, 2009

  137. [...] As strongly recommended. [...]

    Pingback from Upgraded to WordPress 2.8.4 « Notes From Andy on September 6, 2009

  138. [...] WordPress › blog » How to Keep WordPress Secure Club blog security solutions can be simple (like an .htaccess file) or incredibly complex (like two-factor authentication), and they can work, especially for known exploits. Club solutions can be useful, like using a strong or complex … Blog Marketing [...]

    Pingback from blog | You Asked For It Blog on September 6, 2009

  139. [...] Read more about the worm and how to keep your WordPress installation safe at the official WordPress blog. [...]

    Pingback from Worm Attacks Unpatched WordPress Installations – neologe.com on September 6, 2009

  140. [...] Automattic contributes to WordPress.org like many other companies do. Mullenweg published a blog post mentioning what steps people should take to ensure their WordPress blog is [...]

    Pingback from WordPress Faces Security And Password Concerns « Maverickguy's Blog on September 6, 2009

  141. [...] READ MORE… Comments (0) Trackbacks (0) Leave a comment Trackback [...]

    Pingback from Legacy WordPress systems under worm attack! « Mostly Tech on September 6, 2009

  142. [...] Matt wrote a post yesterday on how to make wordpress secure and Steve wrote another one on wordpress.it. Browse the Series «All’Armi All’Armi 2 Tags: backup, Blog, compromissione, database, FriendFeed, hacker, hackerizzazione, installazione, matt mullenweg, panico, plugin, robert scoble, scobelizer, sicurezza, software, webmaster, wikipedia, WordPress, WordPress-it, wordpress.com, wordpress.org [...]

    Pingback from » WordPress,Wordpress.com e sicurezza | Wolly's Weblog on September 6, 2009

  143. [...] wife this weekend noted as she was reading CNET that WordPress had announced a vulnerability to a [...]

    Pingback from get on the bus : Software Testing, Value and usage on September 6, 2009

  144. [...] September 6: The new security problem we mentioned above is being widely discussed in posts like How to Keep WordPress Secure and Old WordPress Versions Under Attack. Although our customers have been protected against this [...]

    Pingback from WordPress 2.8.4 security update | Tiger Technologies Blog on September 6, 2009

  145. [...] A post by Matt Mullenweg about this hack on the WordPress Development Blog – I think the advice could be a little more rounded and pragmatic, personally.  Not everyone can be 100% up to date.  Upgrades need testing, and folk go offline for weeks at a time… [...]

    Pingback from How to Improve WordPress Security | Interconnect IT - WordPress Consultants, Web Development and Web Design on September 6, 2009

  146. [...] this week WordPress put out an announcement that older, non-updated WordPress installations may be and already are [...]

    Pingback from Uppdatera er WordPress blogg nu! | wpxl on September 6, 2009

  147. [...] your WordPress! More details about the attacks More information on the WordPress blog WordPress blogs under attack from hack attack (where I saw the news [...]

    Pingback from Ataques ao WordPress + Spam + Feed | Popnoid.com on September 6, 2009

  148. [...] info: Old WordPress Versions Under Attack WordPress Permalink & Rss problems How to Keep WordPress Secure This entry was written by Verdi, posted on September 6, 2009 at 1:19 pm, filed under The Web. [...]

    Pingback from REPORTS FROM THE FUTURE » Remove Hidden Admin Users In WordPress on September 6, 2009

  149. [...] and provide security patches for them. Otherwise I find the claim that I can upgrade with a ‘known amount of work‘ naive and mildly [...]

    Pingback from Train of Thought » Blog Archive » Worried about WordPress security upgrades on September 6, 2009

  150. [...] I don’t feel safe with WordPress, hackers broke in and took things and How to Keep WordPress Secure – Maybe blog installations need auto-updating, like desktop [...]

    Pingback from Linkpost | 9.6.2009 - L&C Tech Talk on September 6, 2009

  152. [...] hidden and altering the permalink structure. For all the details you can refer to this official page. The solution is to upgrade the old platforms to the new version. [...]

    Pingback from Worm all’attacco delle vecchie versione di WordPress on September 6, 2009

  153. [...] Mullenweg reported the following: Right now there is a worm making its way around old, unpatched versions of WordPress. This [...]

    Pingback from Upgrade and Secure WordPress, Don’t Wait for Heart Surgery | American Butifarra on September 6, 2009

  154. [...] a nasty worm making its way through older wordpress installs, taking advantage of old security shortcomings to [...]

    Pingback from Bob Goyetche – Community, Technology and Content » 14 wordpress updates, whew! on September 6, 2009

  155. [...] blog, and you’re not using a hosted version, you need to update to 2.8.4. There’s a worm making the rounds on earlier wordpress [...]

    Pingback from kovariks.net on September 6, 2009

  156. [...] you are running anything older than version 2.8.4, then I recommend you upgrade now. The official WordPress.org blog reported a particularly nasty worm making its way across independently hosted WP blogs. This [...]

    Pingback from Hacked WordPress Blog: The New WordPress Worm on September 6, 2009

  157. [...] How to Keep WordPress Secure – The official word on preventing your WP site getting hacked. [...]

    Pingback from Bookmarks for September 2nd through September 6th | DavePress on September 6, 2009

  158. [...] Source: WordPress Development Blog [...]

    Pingback from Web News and Practical websites » How to Keep WordPress Secure on September 6, 2009

  159. [...] it usually does not take long before it is thoroughly exploited. Because of a worm currently going around, the WordPress blog strongly advises against laissez-faire tactics [...]

    Pingback from Blogistan Panoptikum KW36 2009 auf datenschmutz.net on September 6, 2009

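  160. [...] Update: We got in touch with Matt Mullenweg, WordPress developer and founder of Automattic. Mullenweg commented as follows: “Automattic is not the parent company of WordPress [which is open software]. Automattic is one of the companies that contribute to WordPress.org.” Mullenweg has also published a blog post on how to run WordPress safely. [...]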

    Pingback from 警告! WordPress旧版は簡単に乗っ取られる―即刻アップデートを on September 6, 2009

  161. [...] sites are reporting that a major attack on WordPress blogs started yesterday. The latest version of WordPress, 2.8.4, is not vulnerable to this particular [...]

    Pingback from WordPress under attack, upgrade your blog now | Anthonyrobinson.info on September 6, 2009

  162. [...] under: Security, News, BloggingSeveral sites are reporting that a major attack on WordPress blogs started yesterday. The latest version of WordPress, 2.8.4, is not vulnerable to this particular [...]

    Pingback from WordPress under attack, upgrade your blog now | Imprudent Buy on September 6, 2009

  163. [...] GOOD INFO HERE. AND TRY THIS. Alex King has some good info here. HYPYKLRZ uses & endorses Alex King plugins. [...]

    Pingback from CHOPPER'S 2 BUSCUITS; THE WORDPRESS NATION on September 6, 2009

  164. [...] Automattic contributes to WordPress.org like many other companies do. Mullenweg published a blog post mentioning what steps people should take to ensure their WordPress blog is [...]

    Pingback from Security Threat: WordPress Under Attack | Anthonyrobinson.info on September 6, 2009

  165. [...] Shared WordPress › Blog » How to Keep WordPress Secure [...]

    Pingback from Christians dagbok – 2009-09-07 | En sur karamell on September 7, 2009

  166. [...] How to Keep WordPress Secure [...]

    Pingback from Chris Coyier » Blog Archive » Things I Found Interesting Around September 6th on September 7, 2009

  167. [...] developers have warned users their popular CMS is under attack from a ‘clever’ worm that automatically compromises unpatched versions of the WordPress system. The particularly nasty [...]

    Pingback from AUSWEB BLOG » WordPress Security Warning on September 7, 2009

  168. [...] that day, Matt Mullenweg published a post on the WordPress Dev Blog entitled – How To Keep WordPress Secure. There I learned that these recent attacks were different and were caused by a smart and malicious [...]

    Pingback from WordPress Blogs Under Attack on September 7, 2009

  169. [...] WordPress blog: How to Keep WordPress Secure [...]

    Pingback from WordPress attack; upgrade ASAP to 2.8.4 : Locally Grown on September 7, 2009

  170. [...] The WordPress developers have warned users of old versions of the most popular blogging platform, as it appears that there are worms attacking these blogs. [...]

    Pingback from مدونات وورد بريس عرضة للهجوم | تيدوز on September 7, 2009

  171. [...] seems that the popular blogging software is suffering an attack and the numbers are rising by the minute. All WordPress users are urged to update to the [...]

    Pingback from Yun4 - WordPress Under Attack on September 7, 2009

  172. [...] Matt has a post on all the whole WordPress security issue that touches on a lot of topics including a bit of web security philosophy but his main point is [...]

    Pingback from Hidden Administrator Attack Hitting Outdated WordPress Sites | WPblogger on September 7, 2009

  173. [...] the information is published regarding new releases. Speaking of the development blog, please read Matt’s latest post which is a breath of fresh air regarding the latest round of attacks and why upgrading is an [...]

    Pingback from Security This, Security That on September 7, 2009

  174. [...] Robert Scoble and his mishap with WordPress… 2. … and how to fix things, if you have the same problems. 3. The oldest Swiss bank, Wegelin, and its advice [...]

    Pingback from scurt | Gânduri adunate ... on September 7, 2009

  175. [...] Upgradation In celebration of upgrading to the very latest and guaranteed secure (at least for the next 5 minutes or so) version of WordPress, here is a picture of the evilest doll [...]

    Pingback from Needful Upgradation « Steve Minutillo :: messy-78 on September 7, 2009

  176. [...] bennq on Sep.07, 2009, under Internet Taken from the post on the official wordpress blog here; that post is dated 5 September 2009, so 2 days ago. It is clearly written there [...]

    Pingback from Upgrade your WordPress | Tehnologi Freak on September 7, 2009

  177. [...] several thousand WordPress-based blogs, JEEK.ca was hacked last Friday. However, don’t panic; since this minor attack, [...]

    Pingback from JEEK.ca – Maintenance | Blog de Just-In-Here on September 7, 2009

  178. [...] Mullenweg , founder of WordPress published a blog post mentioning what steps people should take for ensuring safety of their WordPress blog. [...]

    Pingback from Security Threat: WordPress Under Attack | Take A Plunge on September 7, 2009

  179. [...] How to Keep WordPress Secure (tags: security wordpress) [...]

    Pingback from links for 2009-09-06 « Mandarine on September 7, 2009

  180. [...] went right to the source, and decided to take Matt’s word for it. I wasn’t surprised to see that he had already [...]

    Pingback from Self hosted WordPress blog admin take note « Ramblings of a WebWench on September 7, 2009

  181. [...] took advantage of holes in older versions of WordPress. Matt Mullenweg has weighed in on how to keep WordPress secure. His basic advice? [...]

    Pingback from WordPress and Security « Manufactured Environments on September 7, 2009

  182. [...] Details are here (and also on WordPress’s site). [...]

    Pingback from TechnicFreak » WordPress blogs under attack from hack attack on September 7, 2009

  183. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from BusyBB.us » WordPress Responds to Attack: “Please Upgrade” on September 7, 2009

  184. [...] If you run your website using WordPress (self-hosted) then please make sure you have upgraded to the latest version, 2.8.4. There’s a very nasty worm going around that exploits a weakness in earlier versions. More information is available at http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from WAHM Biz Builder|Work at Home Mom Business Building Tips on September 7, 2009

  185. [...] Matt Mullenweg said …Please upgrade, it’s the only way we can help each other. [...]

    Pingback from WordPress Users Must Upgrade | Amor's Personal Website on September 7, 2009

  186. [...] [...]

    Pingback from ثغره امنية خطيرة ببرنامج للورد برس WordPress - تحذير on September 7, 2009

  187. [...] broke in and took things. So that this doesn’t happen to you too, please read this and act accordingly: How to Keep WordPress Secure. Right now there is a worm making its way around old, unpatched versions of WordPress. This [...]

    Pingback from WordPress und die Sicherheit – Der Schockwellenreiter on September 7, 2009

  188. [...] official English-language WordPress blog announced yesterday a major security problem for versions earlier than the very [...]

    Pingback from Les News de la Toile » Importante faille de sécurité pour les anciennes versions de WordPress on September 7, 2009

  189. [...] and TechCrunch.Com also wrote about the matter. Matt then responded via the official WordPress blog, urging WordPress users to update to the latest version [...]

    Pingback from Upgrade WordPress anda ke versi 2.8.4 sekarang. « InfoMalaya dot Com on September 7, 2009

  190. [...] » How to Keep WordPress Secure [...]

    Pingback from Linkwertig: Amazon, WordPress, Techorati, r.mp » netzwertig.com on September 7, 2009

  191. [...] of commotion about upgrading WordPress to 2.8.4 due to a worm that is currently circulating. The WordPress blog reports: Right now there is a worm making its way around old, unpatched versions of WordPress. This [...]

    Pingback from WordPress Worm Requires Upgrade to 2.8.4 | I'd Rather Be Writing - Tom Johnson on September 7, 2009

  192. [...] Read entire article at: WordPress › Blog » How to Keep WordPress Secure. [...]

    Pingback from How to Keep WordPress Secure | Earthman Web & Media on September 7, 2009

  193. [...] WordPress founder Matt Mullenweg warns, in the form of a blog entry, of attacks on the popular and widely used blog software. Reportedly the attacks [...]

    Pingback from Schadcode greift aeltere WordPress-Blogs an « MG Blog on September 7, 2009

  194. [...] it full Share and [...]

    Pingback from Ansermot.ch » How to Keep WordPress Secure on September 7, 2009

  195. [...] wants to, whether their own blog is affected too, will find further information at Lorelle’s. Matt has also taken up the topic and once again urgently reminds everyone always to the most current [...]

    Pingback from WordPress: Sicherheit vs. Wurm/Plugin-Update… > Sicherheit, Update, WordPress, Wurm > splash ;) on September 7, 2009

  196. [...] has published an FAQ for those who fear that their blog has already been hit by the attack. The [...]

    Pingback from ORBITA WEB: NOTIZIE E CURIOSITA' DAL MONDO WEB on September 7, 2009

  197. [...] Matt Mullenweg could think of nothing more to say on the matter than to urge users to update to the current version 2.8.4: “The [...]

    Pingback from YuccaTree Post + » Prominentes WordPress-Opfer: Hacker löschen Robert Scobles Blogbeiträge on September 7, 2009

  198. [...] of suffering the attack, seeing their old posts littered with malicious links. WordPress has published an FAQ for those who fear that their blog has already been hit by the attack. The [...]

    Pingback from Antonino Minuto 2.0 » Blog Archive » C’è una minaccia strisciante sui blog WordPress on September 7, 2009

  199. [...] with Matt’s article regarding [...]

    Pingback from Уязвимость WordPress. Червь в линейки 2.8. | WordPress - русские шаблоны и плагины on September 7, 2009

  200. [...] the founder of WordPress, Matt Mullenweg, has published a post on the official site explaining how things stand: “The current version of WordPress, 2.8.4, is [...]

    Pingback from WordPress è vulnerabile ai virus | ciaoblog on September 7, 2009

  201. [...] How to Keep WordPress Secure [...]

    Pingback from David Trumbell » WordPress Security Threat on September 7, 2009

  202. [...] vulnerability, which is also exploited by this current malicious code, has been known since the beginning of August, and since then a WordPress update has also been urgently advised, because versions 2.8.3 [...]

    Pingback from Wurm greift WordPress Blogs an: Update auf WordPress 2.84 hilft! | www.tutsi.de on September 7, 2009

  203. [...] if you are still hesitating, read in detail this article by Matt on WordPress.org, as well as Donncha’s explanations of the frequently used hacking mechanics and the [...]

    Pingback from le Fantablog » WordPress : passez à la version 2.8.4 ! on September 7, 2009

  204. [...] WordPress has once again been hit by attacks, most recently by a worm that attacks older installations. Matt Mullenweg explains that the best way to keep your installation secure is by upgrading… [...]

    Pingback from Spotifyfeber och långhelgens tips | En sur karamell on September 7, 2009

  205. [...] invisible to the blog’s administrator and edits old blog entries. WordPress developer Matt Mullenweg therefore urgently advises a prompt update to the current version: it is immune to the [...]

    Pingback from meinekleineApfelkiste.de» Blogarchiv » Wurm greift WordPress an on September 7, 2009

  206. [...] Incidentally, the version on the official site was “WordPress 2.9-rare”. What on earth is “rare”? [...]

    Pingback from WordPress を安全に使いたければ今すぐ 2.8.4 へアップデートを! | btmup Blog on September 7, 2009

  207. [...] of the popular blog software. Just 2 days ago Matt Mullenweg wrote that WordPress has become a large, dangerous burden that should be cleaned up quickly, and that only 47 days after the release of [...]

    Pingback from kommt demnächst ein größeres WordPress Update ? » WordPress, Tagen, Blog, Update, When, Wochen, Aussage, Sicherheitsrelevantes, Abschnitt, Urlaub » fgBlog.de on September 7, 2009

  208. [...] published a post about WordPress’s recent security incidents (here). Issues that, it seems, the user, by not updating the version of [...]

    Pingback from رضا در دنیای زیبای وب » Blog Archive » چطور وردپرس مان را امن نگه داریم؟ on September 7, 2009

  209. [...] Matt Mullenweg: How to keep WordPress Secure [...]

    Pingback from T e c Z i l l a » Wurm-Attacke gegen WordPress on September 7, 2009

  210. [...] Matt Mullenweg: How to keep WordPress Secure [...]

    Pingback from Bernd Kling » Wurm-Attacke gegen WordPress on September 7, 2009

  211. [...] WordPress blog, it’s time to upgrade your WordPress to version 2.8.4. According to WordPress.org: Right now there is a worm making its way around old, unpatched versions of WordPress. This [...]

    Pingback from WordPress Security Warning: Update Your WordPress « PSDPunk on September 7, 2009

  212. [...] in need of a 1/2 term break already!  Returned to work to find WordPress had released a critical security update for their blogging engine. The last couple of releases have had an excellent  in-built ftp upgrade [...]

    Pingback from » Blog Archive » It’s September. This must be a new term. Plus, the drawbacks of being a one man band. on September 7, 2009

  213. [...] the experience left him upset and digitally vulnerable. But what really disappointed Scoble was WordPress’ casual and, arguably, cavalier, reaction it could have been avoided if he had upgraded to version [...]

    Pingback from WordPress Takes It On the Chin | Mark Evans Tech on September 7, 2009

  214. [...] blog post from wordpress on How to Keep Your WordPress Secure: A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for [...]

    Pingback from Security Tools News & Tips » Blog Archive » WordPress blogs hacked – Upgrade your WordPress NOW! on September 7, 2009

  215. [...] Here is also a blog post by Matt Mullenweg on better securing WordPress systems: How to Keep WordPress Secure [...]

    Pingback from [Update] Blog-Attacke: Hostiler Wurm attackiert WordPress Blogs, Scobleizer ausradiert | TechFieber | Smart Tech News. Hot Gadget Blog. on September 7, 2009

  216. [...] Post written by Matt (who has a great URL I might add) on the security of your blog. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible … [...]

    Pingback from Michael N. Dundas » Secuurity of a blog on September 7, 2009

  217. [...] then, so internally WordPress 2.8.4 is now at work, as recommended – others did have a bit of bad luck with the previous versions [via golem.de]… [...]

    Pingback from bastelschubla.de — bastelschubla.de is up to date… inside… on September 7, 2009

  218. [...] wiped and re-installed the blog after the recent WordPress security warnings. For the moment comments are [...]

    Pingback from Comments are off… « Moving… Still… on September 7, 2009

  219. [...] inform at WordPress Development the latest WordPress version ( 2.8.4 ) is immune from this worm. So if you have same problem, you [...]

    Pingback from Worm Attack, Upgrade to Latest Version immediately | Marlboro-ku on September 7, 2009

  220. [...] How to Keep WordPress Secure [...]

    Pingback from Worpress – hacked by xalf | handshake.co.za on September 7, 2009

  221. [...] has been a plethora of news stories about pre-2.8.4 versions of WordPress being hacked (Lorelle, Matt or the Guardian). The official way to protect yourself is to install an upgraded version of the [...]

    Pingback from Two Ideas for Mitigating Future WordPress Vulnerabilities - PlanetMike's Technology Journal on September 7, 2009

  222. [...] What WordPress really needs is a better architecture that solves the two problems stated above and as such makes vulnerabilities like this recent one very unlikely, not ever more ad-hoc hacks. Unless the WordPress project is willing to spend considerable effort on the architecture, using WordPress for professional means will become an intolerable liability. Software Engineering is about long-term stability and dependability, established in the process, not about “if you update your WordPress every few days, you’re safe” (as Matt Mullenweg suggested). [...]

    Pingback from subtitles » Blog Archiv » What’s wrong with WordPress? on September 7, 2009

  223. [...] As always, keep your WordPress installation up to date, further reading is available here. [...]

    Pingback from | boolean.co.nz on September 7, 2009

  224. [...] sites are reporting that a major attack on WordPress blogs started yesterday. The latest version of WordPress, 2.8.4, is not vulnerable to this particular [...]

    Pingback from WordPress under attack, upgrade your blog now | Technology you can trust here... on September 7, 2009

  225. [...] the recent scare regarding a serious security vulnerability in pre-WP 2.8.4 , and the response from WordPress I found myself facing upgrading multiple sites that I own, or sites that I manage [...]

    Pingback from Upgrading WordPress on Multiple Sites, Good Practice : iThemes : Business WordPress Themes, WordPress CMS Themes on September 7, 2009

  226. [...] to read more about the problems this worm causes, you can read either this blog here, or Matt Mullenweg's own blog at [...]

    Pingback from Sikkerhetshull i WordPress! Oppgrader! – junkfoodjunkie.no on September 7, 2009

  227. [...] How to Keep WordPress Secure [...]

    Pingback from Security Warning For WordPress Selfhosted Blogs Against Smart Worm - Softpoint.in on September 7, 2009

  228. [...] Keep WordPress Secure!!! [...]

    Pingback from Warning to WordPress(.org) Users « LuckWeaver on September 7, 2009

  229. [...] does not go about cleaning up very cleanly, it damages all links, so that it can be discovered after all, writes Mullenweg. He urges users to update their blog software promptly, because it is very likely that [...]

    Pingback from Wurm greift WordPress an | Blog von root_alpha on September 7, 2009

  230. [...] information: WordPress (Via [...]

    Pingback from WordPress: importante problema de seguridad y actualización urgente on September 7, 2009

  231. [...] here, you might want to subscribe to the RSS feed for updates on this topic.There’s a serious security concern for WordPress users as a worm has been lurking the Internet wreaking havoc on unpatched versions of [...]

    Pingback from Surviving a blog hacking attack | The Four-eyed Journal on September 7, 2009

  232. [...] original here: WordPress › Blog » How to Keep WordPress Secure Related Posts:Ultimate Resources to Help Secure Your WordPress Blog – blog …Dev Blog: How to Keep [...]

    Pingback from WordPress › Blog » How to Keep WordPress Secure | WP Den on September 7, 2009

  233. [...] Leave a comment Matt Mullenweg – one of the WordPress founders – confirms today in a blog post that there is a worm spreading among older WordPress installations. In short, the worm creates [...]

    Pingback from WordPress angrepet av orm « Litt om web og sånt on September 7, 2009

  234. [...] Remain educated. Make sure your scheduled backup systems are in place, make sure your software is up to date, and don’t be a lazy Web designer. [...]

    Pingback from Current Events: Lazy Admins and WordPress Security - Monday By Noon on September 7, 2009

  235. [...] See the whole post here. [...]

    Pingback from How to Keep WordPress Secure | CyberSec.eu on September 7, 2009

  236. [...] in turmoil for the past few days: the well-known WordPress platform has been hit by a worm. The viral attack uses a known security flaw and shows up as the modification of the links of the [...]

    Pingback from WordPress prend l’eau… C’est la panique à bord ! | Autour du Web on September 7, 2009

  237. [...] the latest updates, is to make sure your software is always safe.  There is a worm that is attacking old WordPress installations.  If you are not running WordPress 2.8.4 then please upgrade now.: This particular worm, like many [...]

    Pingback from Security Alert: Upgrade WordPress Today To 2.8.4 | Connected Internet on September 7, 2009

  238. [...] it takes a huge/serious security alert like the one we have now with WordPress to force people to upgrade their blogs to the latest secure [...]

    Pingback from Is your WordPress blog updated? « My Blog on September 7, 2009

  239. [...] How to Keep WordPress Secure [...]

    Pingback from Uppgradera alltid WordPress | Eyesx on September 7, 2009

  240. [...] How to Keep WordPress Secure [...]

    Pingback from WordPress 2.8.4 Upgrade | Troy Chaplin Design and Development on September 7, 2009

  241. [...] Attack WordPress responds through its founder, who recommends moving to version 2.8.4: Keep WordPress secure What follows, of course, is a flurry of activity, debates, comments, questions, in short a wind of [...]

    Pingback from Attaque sur les blogs WordPress: mise à jour on September 7, 2009

  242. [...] reports Matt Mullenweg, a particularly dangerous worm manages to register itself as an administrator user [...]

    Pingback from WordPress sotto attacco: aggiornate subito please! | Italian webdesign on September 7, 2009

  243. [...] been widely reported that sites running the standalone version of WordPress are under “attack” and vulnerabilities are being exploited to insert malicious code into the site. I couldn’t [...]

    Pingback from WordPress – The Windows of the Internet on September 7, 2009

  244. [...] that I have your attention….  Go to Lorelle’s site, Robert Scoble’s site and the WordPress Dev Blog to see details of this new exploit.  If you have version 2.8.4 (like what I do), you are more [...]

    Pingback from Place of Stuff » Blog Archive » Older WordPress Versions Are Insecure on September 7, 2009

  245. Incident: Malicious JavaScript injection on the blog of Jean-luc Melenchon…

    Let us make the situation clear from the start. This incident does not specifically target Jean-Luc Mélenchon, president of the Parti de Gauche (PG). Mass attacks systematically hit content management systems (CMS) vulnerable to…

    Trackback from Malware Analysis & Diagnostic on September 7, 2009

  246. [...] blog due to a new worm that will hose your (precious) blog if it gets to you. You can read about it here. I have to admit that I have been putting this off as the upgrade docs, while not being anything [...]

    Pingback from Binary Bob’s Blog » Geek’s Holiday – computer maintenance on September 7, 2009

  247. [...] Update: It turns out this is a WordPress vulnerability. The official WordPress blog strongly warns you to update your blogs (2.8.4)! [...]

    Pingback from Google cekemezligi - Livetr.org on September 7, 2009

  248. [...] tactics are new, but the strategy is not,” the WordPress project stated on its official blog. “Where this particular worm messes up is in the ‘clean up’ phase: It doesn’t [...]

    Pingback from Hacked! Wormed! Taken Out! « Papapandapaw's Blog on September 7, 2009

  249. [...] only goes about it very messily, which means that in the end it can be detected after all. Updating is strongly advised. Not only for the sake of your own security. You endanger other people this way and draw, as [...]

    Pingback from Neuer WordPress Wurm treibt sein Unwesen | elexpress.de on September 7, 2009

  250. [...] Shared WordPress › Blog » How to Keep WordPress Secure. [...]

    Pingback from Netzspuren — bluelectric.org on September 7, 2009

  251. [...] are here (and also on WordPress’s site). As Matt Mullenweg, who has played a key part in the development and commercialisation of [...]

    Pingback from WordPress blogs under hack attack « AccessTech News on September 7, 2009

  252. [...] are here (and also on WordPress’s site). As Matt Mullenweg, who has played a key part in the development and commercialisation of [...]

    Pingback from WordPress blogs under hack attack « The BAT Channel on September 7, 2009

  253. [...] How to Keep WordPress Secure written by the WordPress and Automattic founder – Matt Mullenweg (http://ma.tt/) KeyWords: >> Angriff, Attacke, Security, Sicherheit, update, WordPress, Wurm [...]

    Pingback from Wurm attackiert WordPress Blogs | Roman Harcke on September 7, 2009

  254. [...] against old WordPress versions, so anyone who has not yet installed the latest version: now at the latest it is time (even if you do not believe in a WordPress catastrophe). And now one more episode of Voyager [...]

    Pingback from Dobschat » Montag = Telefontag on September 7, 2009

  255. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from WordPress Responds to Attack: “Please Upgrade” | Raise Your Marketing IQ on September 7, 2009

  256. [...] proceeds and destroys links in the process, an affected blog can still be recognized, writes one of the WordPress developers, Matt Mullenweg. All WordPress users are urged to go, as soon as possible, to the latest version of the open-source [...]

    Pingback from Wurm breitet sich in WordPress-Blogs aus « byteorders weblog on September 8, 2009

  257. [...] sites are reporting that a major attack on WordPress blogs started yesterday. The latest version of WordPress, 2.8.4, is not vulnerable to this particular [...]

    Pingback from WordPress under attack, upgrade your blog now » Shai Perednik.com on September 8, 2009

  258. [...] Read more… [...]

    Pingback from WordPress security update | Dominate Your Local Market! on September 8, 2009

  259. [...] From WordPress.org founder Matt Mullenweg… Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.  Read on. [...]

    Pingback from HOW TO: Upgrade to WordPress 2.8 in 3 easy steps on September 8, 2009

  260. [...] How to keep your wordpress blog secure (WordPress.org) [...]

    Pingback from OMG! My Site Has Been Hacked!! A Tale of Horror on September 8, 2009

  261. [...] WordPress › Blog » How to Keep WordPress Secure. Tags: Meta Comment (RSS)  |  Trackback [...]

    Pingback from Oblate Spheroid » Blog Archive » Upgrade your WordPress! on September 8, 2009

  262. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from How to keep WordPress secure | Web Weavers Workshop on September 8, 2009

  263. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Security advisory for WordPress clients | TAPA Communications on September 8, 2009

  264. [...] reading a potential threat (How to Keep WordPress Secure September 8, 2009) to WordPress blogs that have not upgraded to the latest version (2.8.4), I [...]

    Pingback from Upgraded WordPress » Sri | concept inc 2 on September 8, 2009

  265. [...] do…something. Post spam? Malware links? The sky is the limit, really. (WordPress announcement here, information about the latest security update, 2.8.4, [...]

    Pingback from Unpatched WordPress Users Hit by Worm « Of Bytes and Badges on September 8, 2009

  266. [...] posted How to Keep WordPress Secure at the beginning of the weekend to explain this worm’s [...]

    Pingback from WordPress Users Encouraged to Upgrade to Version 2.8.4 ASAP | STC Marketing Communication SIG on September 8, 2009

  267. [...] an entry on the WordPress Blog on keeping installations secure – a topic WordPress administrators should be especially concerned [...]

    Pingback from WordPress Blog: How to Keep WordPress Secure | Full-Linux.com on September 8, 2009

  268. WordPress worm…

    Over the last few days there have been increasing attacks on WordPress blogs. To do this, the worm registers a user and uses a security hole (before WordPress 2.8.4) to gain administrator rights. One sign of the worm is permalinks that…

    Trackback from Chukki.de on September 8, 2009

  269. [...] upgrade. Matt Mullenweg, one of the founders of the blog software WordPress, has himself warned of a worm that, in old versions of the blog software, can [...]

    Pingback from Oprichter WordPress waarschuwt voor worm | ISPam.nl on September 8, 2009

  270. [...] More on the topic: MikroPC WordPress.Org (in English) [...]

    Pingback from Hyppy Oravanpyörästä » Blog Archive » Sivuston päivitystä ja turhaa säätöä on September 8, 2009

  271. [...] Meanwhile, Matt Mullenweg is calling on users to apply updates. He also appeals for trust in the WordPress community, which strives around the clock to [...]

    Pingback from Content Management: WordPress unter Beschuss – zu unsicher, zu lahm? « All in one Blog on September 8, 2009

  272. [...] Updated: It is a worm that automatically hacks wordpress blogs. Those who have updated to the latest version are safe from this particular worm. Matt Mullweg has written about this. [...]

    Pingback from Bloggspam | Uppkopplat on September 8, 2009

  273. [...] the information from WordPress on how to keep your site safe, and read Lorelle’s post to find out if you have been [...]

    Pingback from Important Announcement for WordPress Users | Words For Hire on September 8, 2009

  274. [...] Mullenweg, the application's developer, published a post warning of the problem: “There is a worm making its way around old, unpatched versions of WordPress. [...]

    Pingback from Código Hibrido » Blog Archive » Un gusano en tu blog on September 8, 2009

  275. [...] According to the article on WordPress.org, the area where this new worm messes up is the “cleaning up after itself” part. Because it breaks your in-blog links, you are likely to discover it while investigating the problem. [...]

    Pingback from WordPress’inizi güncelleyin! Hemen! « Ömer Köse'nin Kişisel Sitesi on September 8, 2009

  276. [...] tactics are new, but the strategy is not,” the WordPress project stated on its official blog. “Where this particular worm messes up is in the ‘clean up’ phase: It doesn’t [...]

    Pingback from WordPress warns of wayward worm « Parl@!web on September 8, 2009

  277. [...] Feel free to read the whole blog article about WordPress's problems here. In short, the problems are described as arising from a worm that, via a security hole, can execute code through the permalink structure. It can then insert other mischief into your articles, which you definitely do not want to happen to you. [...]

    Pingback from Säkerhetshål i WordPress – Var noga med att uppgradera | City|Network on September 8, 2009

  278. [...] the first things tackled was a backup and install of the latest version. There is a great post on why to upgrade on WordPress.org. A quick way to tell if you’ve been affected by the worm is to look at your users’ page [...]

    Pingback from Connie's Ramblings » Blog Archive » YAPB and other changes to my WordPress on September 8, 2009

  279. [...] news, everyone! Hackers are attacking WordPress [...]

    Pingback from Chris Le On Technology » Worm hacks WordPress! Protect yourself now! on September 8, 2009

  280. [...] has been a lot of noise out there in the last week regarding the recent attacks against various high profile WordPress blogs that were not updated.  John Gruber over at Daring [...]

    Pingback from Curious Creature » How Not to Get Your Blog Hacked: opinion 2 on September 8, 2009

  281. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Pour tous les utilisateurs de word press, ll fait passer a la mise a jour | Télécharger mp3 gratuit et légal AIRTIST Blog d’actualités musique, high tech et news du web on September 8, 2009

  282. [...] the developers, the malware registers a fake user and exploits a security flaw fixed in the [...]

    Pingback from CUIDADO: “Verme ataca o WordPress” | Infocorumba – Informática e tecnologia. on September 8, 2009

  283. [...] WordPress suffered multiple public hacks this week, Matt Mullenweg released his own apology of sorts. Unfortunately, where Google accepted the blame, Mullenweg was less contrite, placing much [...]

    Pingback from Own Your Mistakes @ Templature on September 8, 2009

  284. [...] to agree with him. While the timing may or may not be designed to take the heat of yet more hacking threats to WordPress.org users, I’m somewhat frustrated that WordPress lacks many basic features and [...]

    Pingback from Pay No Attention to the WordPress Hacking Threats; Look at the Shiny rssCloud! on September 8, 2009

  285. [...] Automattic contributes to WordPress.org like many other companies do. Mullenweg published a blog post mentioning what steps people should take to ensure their WordPress blog is [...]

    Pingback from Security Threat: WordPress Under Attack | Submitter on September 8, 2009

  286. [...] WordPress Secure A hot topic going around in WordPress circles now is a worm making its rounds hijacking vulnerable WordPress [...]

    Pingback from Zit Seng’s Superwall » Blog Archive » Keeping WordPress Secure on September 8, 2009

  287. [...] some WordPress blogs that are using outdated versions of the blogging software, reports CNET News. According to the company, “This particular worm … registers a user, uses a security bug (fixed earlier in the [...]

    Pingback from WordPress Warns of Worm | Submitter on September 8, 2009

  288. [...] blog publishing, has begun attacking outdated versions of the service. According to the WordPress team, the malware creates a fake user account and exploits a security flaw that has already been fixed [...]

    Pingback from Novo malware ataca o WordPress | New Info on September 8, 2009

  289. [...] you want to read more about the importance of updating your WordPress software, Matt Mullenweg wrote a good article on the WordPress [...]

    Pingback from Triune Designs Blog » A Tale of Two Websites on September 8, 2009

  290. [...] According to the article on WordPress.org, the area where this new worm messes up is the “cleaning up after itself” part. Because it breaks your in-blog links, you are likely to discover it while investigating the problem. [...]

    Pingback from WordPress’inizi Güncelleyin! Hemen! - Harbimi.NET on September 8, 2009

  291. [...] Mullenweg (founder of WordPress) wrote a few days ago about this incident and extremely recommending an upgrade to WordPress 2.8.4. This is of course [...]

    Pingback from WordPress Worm and How to Prevent Data Loss on September 8, 2009

  292. [...] does it act?: Matt Mullenweg, founder of WordPress, explains on the official blog that the worm “is clever: it registers a user, uses a bug (already fixed in [...]

    Pingback from » Blog Archiv » [Warning] WordPress in pericolo on September 8, 2009

  293. [...] 2009-09-05: WordPress development blog: How to Keep WordPress Secure [...]

    Pingback from ALERT: Old WordPress Blogs Under Attack | Zemalf on September 8, 2009

  294. [...] How to Keep WordPress Secure [...]

    Pingback from Security Alert : Upgrade WordPress to 2.8.4! | KokPinLab.com on September 8, 2009

  295. [...] you are looking for. Please read the following articles to get the details: From Matt Mullenweg: http://wordpress.org/development/2009/09/keep-wordpress-secure/ and from WordPress.org on how to upgrade: http://codex.wordpress.org/upgrading_wordpress/ and if [...]

    Pingback from Ugrade your WordPress now! « Webstuff 2 on September 8, 2009

  296. [...] How to Keep WordPress Secure [...]

    Pingback from Keep Your WordPress Install Up To Date | bavotasan.com on September 8, 2009

  297. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Apathetic Moon » Blog Archive » Secure your WP blog, says Matt on September 8, 2009

  298. [...] WordPress and you haven’t upgraded for a while I would highly recommend upgrading. From the official WordPress blog (by Matt): A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true [...]

    Pingback from /home/me » Blog Archive » A Stitch In Time on September 8, 2009

  299. [...] Matt Mullenweg, September 5, 2009, “How to Keep WordPress Secure“, [...]

    Pingback from Everything In Our Power < A Fool’s Wisdom on September 8, 2009

  300. [...] the developers, the malware registers a fake user and exploits a security flaw fixed in the [...]

    Pingback from Segurança – Verme ataca o WordPress | Tomás Vásquez - Blog on September 8, 2009

  301. [...] the weekend, there was a lot of uproar about a worm attack on WordPress installations that wrecked some notable blogs. Amid the sometimes-smug observations by the [...]

    Pingback from johnaugust.com » Blogs and baked goods on September 8, 2009

  302. [...] WordPress.org strongly recommend updating to version 2.8.4, which is immune to this worm. In addition [...]

    Pingback from La seguridad de WordPress 2.8 en el punto de mira on September 8, 2009

  303. [...] WordPress.org says this: Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts. [...]

    Pingback from Tuesday Tech: Take the time to upgrade! | Waxcreative Design Blog on September 8, 2009

  304. [...] when I remember – once every few months, which is much too seldom. This was prompted by the recent security alert on WordPress. In case you still haven’t heard, there is a worm going around which is designed to attack [...]

    Pingback from Public Announcement | yoonamania on September 8, 2009

  305. [...] If you are running your own WordPress blog site, then you should read this article on how to keep WordPress secure. [...]

    Pingback from How to keep WordPress site secure | Roaming in the computer world on September 8, 2009

  306. [...] are dead, that RSS represents a poor man’s technology. And yes, there’s even that whole “Wordpress hack attack” thing that’s been going on that WordPress needs to address. Fast. But just because [...]

    Pingback from Call Me A Geek, I Want RSSCloud on September 8, 2009

  307. [...] like Lorelle on WordPress have offered. If you have a WordPress blog yourself, you should also read Matt Mullenweg’s tips on securing your WordPress installation. And Google Webmaster Central Blog recommends to site owners some best practices against hacking [...]

    Pingback from Mediation Channel hacked: a cautionary tale about security, safety online on September 8, 2009

  308. [...] found that the self-hosted WordPress blogs are under security risk and later Matt Mullenweg had to advise users to upgrade (though Robert Scoble still feels unsafe). The second big news was addition of a [...]

    Pingback from Read WordPress.com Blogs In Your (Jabber) IM Client on September 8, 2009

  309. [...] There is a worm digging its way through older versions of WordPress. It got started over the Labor Day weekend and I expect it will continue until everyone’s WP is either infected or updated. Here is a link to Matt’s blog post on the worm. [...]

    Pingback from dVector Blogs for the World » Blog Archive » dVector’s WordPress is Secure on September 8, 2009

  310. [...] On the Word Press issue, I noticed starting about a week ago a user was created on my site.  I deleted it.  Then another, and up till today have had 6 user accounts created. I decided to figure out what bug this was, since I know it’s a bug and not an ‘all of a sudden’ interest in a very worthless piece of internet terrain.  Anyways, being slightly interested in what the attack was led me to do a little investigation.  For what I read, go to these blogs: http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/ and http://wordpress.org/development/2009/09/keep-wordpress-secure/. [...]

    Pingback from » Coffee Beans filtering my blood Of Pens and Swords on September 8, 2009

  311. [...] The post from WordPress is here. [...]

    Pingback from » Mobile Perspectives Housekeeping Note -- Mobile Perspectives on September 8, 2009

  312. [...] How to Keep WordPress Secure [...]

    Pingback from WordCast 68: WordPress Security and Keeping Your Blog Safe | WordCast - The #1 WordPress Podcast, with WordPress News, WordPress Tips, WordPress Plugins, WordPress Themes, Blogging News, Blogging Tips, and more! | Bitwire Media on September 8, 2009

  313. Upgrade WordPress to Latest Version to Stay Safe from Worm…

    A worm affecting older versions of WordPress has been getting lots of attention in recent days. The worm takes advantage of a security flaw that allows it to register a new user, grant itself administrator privileges and wreak havoc with your permalink s…

    Trackback from Byte Size Updates on September 8, 2009

  314. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from WordPress Security Alert | AlpineWeb Blog on September 9, 2009

  315. [...] Keep Word Press Secure This entry was written by Buck, posted on September 8, 2009 at 8:44 pm, filed under Uncategorized. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback. « previous post [...]

    Pingback from Got WordPress? Get updated. – Buck Hicks .Net on September 9, 2009

  316. [...] disclosed. The reach of the attack is large and affects all versions up to 2.8.2, so follow the advice given by the WordPress developers: update your installations [...]

    Pingback from O que anda acontecendo » Comunidade WordPress-BR on September 9, 2009

  317. [...] to agree with him. While the timing may or may not be designed to take the heat of yet more hacking threats to WordPress.org users, I’m somewhat frustrated that WordPress lacks many basic features and [...]

    Pingback from Pay No Attention to the WordPress Hacking Threats; Look at the Shiny rssCloud! | webmarketingexperts.com.au | webmarketingexperts.com.au | on September 9, 2009

  318. [...] users need an upgrade to a fairly new version (2.8.3 or newer) to fix a security hole that was recently discovered. That bit of news has been dispensed via various outlets including [...]

    Pingback from Ahren Code » Blog Archive » John Gruber’s 15 minutes of schadenfreude on September 9, 2009

  319. [...] tech story of last weekend was probably that WordPress installations around the world got hit by a nasty worm, so it was nice to see today that WordPress bounced back with an announcement that wordpress.com [...]

    Pingback from Now Supporting rssCloud… — Ken Clark's Blog on September 9, 2009

  320. [...] has posted a blog article regarding a worm going around the internet actively looking for a security vulnerability in all [...]

    Pingback from Worm attacking WordPress – Watch Out! | Shabbir on September 9, 2009

  321. [...] been reading a number of articles which have seriously questioned the future of WordPress after a nasty worm did the rounds, exposing anyone with an outdated version of WordPress. If anything, Scoble’s [...]

    Pingback from Reports of WordPress’ death are greatly exaggerated | cre8d design: blog designer on September 9, 2009

  322. [...] Matt on securing WP [...]

    Pingback from Bezpieczeństwo i aktualizacje Wordrpess - WebFan on September 9, 2009

  323. [...] Posted in blog | Posted on 09-09-2009 | 0 Comments Tags: wordpress A couple months ago at WordCamp Chicago 2009, Matt Mullenweg had been asked by Dan Schulz on how to make WordPress more secure. Finally what he has said has been written in more detail at WordPress.org in the article How to Keep WordPress Secure. [...]

    Pingback from On WordPress Security Straight From Matt | blondish.net on September 9, 2009

  324. [...] from WordPress Blog. How to Keep WordPress Secure by Matt, 2.8.4, the current version of WordPress, is immune to this worm. (So was the release [...]

    Pingback from How to Secure your WordPress blog Against Hacking? | www.HWDOT.com on September 9, 2009

  325. [...] and information: wordpress blog [...]

    Pingback from Nouvelle vulnérabilité WordPress, mise à jour obligé ! | DrLegendary on September 9, 2009

  326. [...] original post here: WordPress › Blog » How to Keep WordPress Secure advertising, archive, companies, design, download, downloads, features, hacks, importance, [...]

    Pingback from WordPress › Blog » How to Keep WordPress Secure | Global Blogger on September 9, 2009

  327. [...] here to read the rest:  WordPress › Blog » How to Keep WordPress Secure advertising, advice, archive, attack, attack-on-september, automattic, code, companies, current, [...]

    Pingback from WordPress › Blog » How to Keep WordPress Secure | Global Blogger on September 9, 2009

  328. A worm for WordPress is roaming the Net…

    As it turned out, the latest WordPress updates were not useless ("Fortunately, because of the hard work of the WordPress open source community, the current (2.8.4) and most recent (2.8.3) versions are immune…"), and as for everyone living …

    Trackback from Барсук в Паутине on September 9, 2009

  329. [...] past week I watched as older versions of WordPress were compromised. I was instantly concerned about my own installation as a few years ago my blog got hacked and [...]

    Pingback from Rolling Your Own - Cole Camplese: Learning and Innovation on September 9, 2009

  330. [...] Recently Matt Mullenweg wrote a blog post explaining why this strategy of keeping up to date with upgrades and patches is a good idea: How To Keep WordPress Secure [...]

    Pingback from Keeping WordPress Secure on September 9, 2009

  331. [...] founder Matt Mullenweg writes of the vulnerability: 2.8.4, the current version of WordPress, is immune to this worm. (So was the [...]

    Pingback from Whats Hot » Blog Archive » WordPress Responds to Attack: “Please Upgrade” on September 9, 2009

  332. [...] You can find more information on how to keep your WordPress blog secure on the blog of Matt Mullenberg, the creator of WordPress. [...]

    Pingback from WordPress zaatakowany – zaktualizuj teraz jeśli używasz wersji wp poniżej 2.8.4 : Najlepszy Blog on September 9, 2009

  333. [...] In case you missed it (though I’m not sure how you would) there was a scare for WordPress users out there that have been using an older version of the popular blogging engine about a worm going around and exploiting a hole to create a user, become an admin and quietly put spam links and malware into your posts without you knowing. The solution? Simple! Update right away!. [...]

    Pingback from Community News: WordPress worm makes its way around the web | Webs Developer on September 9, 2009

  334. [...] that Tawnya Sutherland of VAnetworking discovered that one of her websites had been hacked due to a security breach in an older version of WordPress.  Well, just before Tawnya made her announcement, I had posted my puzzling question on [...]

    Pingback from Fixing WordPress user sign up and upgrading WordPress | eZone Secretarial Services on September 9, 2009

  335. [...] exposing yourself to security risks. Just this week, WordPress announced that there’s a security threat affecting certain versions of its software. If you’re running these versions, either you pay to have them upgraded (it can get tangly if [...]

    Pingback from Refactoring – Making Your Agent Site Run Better « AgentMethods – Insurance Agent Websites, Web Design, and Internet Marketing on September 9, 2009

  336. [...] Via the official WP blog [...]

    Pingback from How to Keep WordPress Secure « Atlanmeer Studio on September 10, 2009

  337. [...] exploits that take advantage of older installs of the software. Even the official development blog posted a response encouraging users to keep their blogs upgraded. Lorelle has posted some information about the [...]

    Pingback from WordPress Security Buzz :: CMS Design Resource on September 10, 2009

  338. [...] out this great article for more information on WordPress [...]

    Pingback from Why Use The WordPress Platform? on September 10, 2009

  339. [...] the weekend, there was a lot of uproar about a worm attack on WordPress installations that wrecked some notable blogs. Amid the sometimes-smug observations by the [...]

    Pingback from Blogs and Baked Goods | reabilita.me on September 10, 2009

  340. [...] WordPress blog, a post recently appeared that deals with the security of WordPress. The key message is: The only thing [...]

    Pingback from webanalyser-Blog » Blog Archive » WordPress.org: Sicherheit nur durch Upgrading? on September 10, 2009

  341. [...] it was also mentioned by one of the WordPress developers himself (Matt) to upgrade immediately to the latest version (2.8.4 at [...]

    Pingback from Serangan worm terhadap WordPress versi lama | ebsoft.web.id on September 10, 2009

  342. [...] dashboard, I noticed a link to a post by Matt Mullenweg, the founding developer of WordPress.  The post itself is about how to keep WordPress (meaning your blog) secure from hackers, worms, and other malware.  [...]

    Pingback from Dave’s Whiteboard » Blog Archive » Snake oil, clubs, and real solutions (with thanks to Matt) on September 10, 2009

  343. [...] past weekend several WordPress websites were attacked by a worm. Even though my WordPress blogging software was not up to date, was not affected since it [...]

    Pingback from Joe’s Home Page .com – A Weblog for Joseph Villalobos » Blog Archive » WordPress under attack! on September 10, 2009

  344. [...] an interesting post by Matt on why blogs should be kept updated, also regarding the worm that is wreaking havoc on [...]

    Pingback from Perchè aggiornare i vostri blog? | Fogli Sparsi on September 10, 2009

  345. [...] commotion was great over the last few days: a worm currently causing mischief on the Internet is infecting WordPress [...]

    Pingback from Sicher bloggen mit WordPress? Teil 1 on September 10, 2009

  346. [...] a huge fuss last weekend about a WordPress worm wreaking havoc on websites which hadn’t been upgraded by their owners. I am often in my WordPress admin panel and so I will see quite quickly that there [...]

    Pingback from Lions Go Roar » Update Notifier Released on September 10, 2009

  347. [...] reason for this is well explained in this post on the official WordPress blog: How to Keep WordPress Secure. For those who do not understand English, I translate the most important passage here: Right now there is a worm [...]

    Pingback from Perigo à Vista!! Atualize Seu WordPress – Já! on September 10, 2009

  348. [...] this blog an ambitious blogger deals with the security of the WordPress engine, which has come under increasing fire in recent days from a worm/hack that [...]

    Pingback from dantiku blog » Blog Archive » wordpress security check on September 10, 2009

  349. [...] WordPress Blog states that this worm does not affect the current version of the blog publishing software, which is [...]

    Pingback from Worm attacking WordPress – Update your WordPress blog now! | Tricia's Musings on September 10, 2009

  350. [...] -How to Keep WordPress Secure at the WordPress Blog. [...]

    Pingback from Melissa Barton » Blog Archive » WordPress Worm–Upgrade to 2.8.4 Now! on September 11, 2009

  351. [...] area of a blog, the comments, but, as they recently showed us, and I am referring here to the vulnerability discovered in self-hosted WordPress blogs, hackers have enough means to “break” the proper functioning of a [...]

    Pingback from Antispam (5) | WordPress Romania on September 11, 2009

  352. [...] Note from the Developers: Hi guys, we’ve had a few users whose server configuration affected their upgrade. We would just like to remind you all that if you aren’t doing so, please backup your databases before upgrading. If your site is valuable to you, make sure you take the time to backup your database and files. As Matt recently said in his wordpress security blog post ‘A stitch in time saves nine’ [...]

    Pingback from The Fix 3.7.5 Beta1 | Instinct Entertainment on September 11, 2009

  353. [...] do…something. Post spam? Malware links? The sky is the limit, really. (WordPress announcement here, information about the latest security update, 2.8.4, [...]

    Pingback from Of Bytes and Badges » Unpatched WordPress Users Hit by Worm on September 11, 2009

  354. [...] Mullenweg, the application’s developer, published a post warning of the problem: “There is a worm making its way around old, unpatched versions of WordPress. This [...]

    Pingback from Un gusano en tu blog « VTR | Hosting :: Blog de Ayuda al Cliente on September 11, 2009

  355. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from wordpress hacked 2.8.4 | Economopoulos Site on September 12, 2009

  356. [...] wordpress.org: How to Keep WordPress Secure [...]

    Pingback from blog from OUR kitchen » Wish me luck…. on September 12, 2009

  357. [...] about blogging! Maybe I wouldn’t make a come back this soon if Matt over there didn’t write that scary post about the recent WordPress worm. I’m invulnerable to it since I turned off user registration [...]

    Pingback from Comeback | Silent Wind on September 12, 2009

  358. [...] so, I was in no hurry, until I read this article, “Perigo à Vista“, and got scared. The official WordPress site also explains the risks of staying on a release [...]

    Pingback from Instalar o WordPress 2.8.4 | Dicas do Timoneiro on September 12, 2009

  359. [...] that do not keep their sites up to date are putting their reputations at risk. According to a recent announcement on the WordPress blog, a worm is making its way around the internet. The worm is exploiting [...]

    Pingback from xenoactive.org » Blog Archive » Lazy WordPress Bloggers Put Blogs At Risk on September 12, 2009

  360. [...] now I’m going to tell you that I did find a blog post worth passing on.  It’s from Matt, over at wordpress.org, on how to keep wordpress secure.  But don’t just stay on the first paragraph.  This is [...]

    Pingback from WordPress worms, and the importance of maintenance | Web Consulting Washington DC on September 12, 2009

  361. [...] Have a look at this post from the WordPress team for more info. [...]

    Pingback from paulhayton.co.nz » Update Applied on September 12, 2009

  362. [...] article explains this problem more, and will give you more information if you are [...]

    Pingback from D-Kidd.com » Blog Archive » Worm running around attacking WordPress Sites Everywhere on September 12, 2009

  363. [...] How to Keep WordPress Secure Posted September 5, 2009 by Matt. Filed under Development, Security. [...]

    Pingback from How To Keep WordPress Secure | DaveDesign.us on September 12, 2009

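  364. How to Keep WordPress Secure…

    Translated from the original: How to Keep WordPress Secure
    Written by Matt. Filed under Development, Security.
    A small hole left unmended becomes a big hole that brings suffering. For bloggers this is an eternal truth: spending just a little time on upgrading right away saves a lot of work fixing problems later.
    Right now, old, unpatched versions of WordPress are under attack from a worm. This particular worm (much like earlier ones) attacks cleverly: it first registers a user, then uses a security bug (fixed earlier this year) to get attack code executed through the permalink, which gives that user administrator rights, and then, when you view the current users…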

    Trackback from AaronMix on September 13, 2009

  365. [...] Some more information on securing wordpress could be found on their official blog. [...]

    Pingback from Blog back after a wordpress attack | Abhi Blog on September 13, 2009

  366. WordPress upgrades: your best defence….

    Matt has an interesting blog post at the WordPress blog about why you should keep your WordPress version up-to-date (as if you needed another reason). Matt compares 3 types of WordPress security advice: snake oil. Club solutions and real advice (see hi…

    Trackback from lucasmcdonnell.com on September 13, 2009

  367. [...] essay from the WordPress dev team on the importance of upgrading for security reasons, although, as I [...]

    Pingback from Upgrade to new version and WordPress for iPhone | Mind of a Daemon on September 14, 2009

  368. [...] In case you don’t believe me, read “How to Keep WordPress Secure” on the WordPress.org [...]

    Pingback from How hard is it really to secure WordPress? — PluginsPress.com on September 14, 2009

  369. [...] Check Official Update from WordPress Blog : How to Keep WordPress Secure [...]

    Pingback from How to secure your blog from Hacking, Virus Attack and from unauthorised access. | Jaydip Parikh on September 14, 2009

  370. [...] If these users show up in your WordPress blog, watch out. What these hackers do is register themselves as users, gain access to the system and change themselves to administrator. After that you yourself are locked out. You can get the full story and solution here. [...]

    Pingback from Skoletjensten » Blog Archive » Pas på on September 14, 2009

  371. [...] WordPress Attack [...]

    Pingback from Keeping WordPress Secure | Holly Powell on September 14, 2009

  372. [...] I have finished bringing the WordPress versions up to date for all sections of the site. In light of the latest threats it was the only thing I could do, because however many reasons I found up to the moment [...]

    Pingback from Cand textul e mijlocul prin care te vaiti | TownPortal Blog on September 15, 2009

  373. [...] out it’s a worm, trying to hack my [...]

    Pingback from Yetta’s Wyrd - That Explains It on September 15, 2009

  374. [...] of hearing what users should do? Huh? O.K. Let’s talk about what WordPress should do [...]

    Pingback from What WordPress should Do ? | S . P . A r u n . I n on September 15, 2009

  375. [...] Don’t you just LOVE it when there’s a blogger you read (or watch) and they blog for a while and then they just disappear for a few weeks?  Sure, they’re on twitter, and they utter now and again (despite Utterli having tremendous telephone interface issues), and they pop up their head every once in a while to do a blog upgrade or two (if you haven’t heard yet, all you WordPress users should make sure you upgrade). [...]

    Pingback from So much going on… | The blog of whall on September 15, 2009

  376. [...] me? Read it. Here is the link: http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from What do car thieves and computer hackers have in common on September 15, 2009

  377. [...] there's a security issue, upgrading is essential. When a new plugin comes out, updating is normally the right move — [...]

    Pingback from Managing Your WordPress Installation - Junger Media on September 15, 2009

  378. [...] who got hit by the WordPress worm that’s been doing the [...]

    Pingback from ianmjones — Yikes, I’ve Been Hacked! on September 16, 2009

  379. [...] Since I have a number of blogs hosted, it makes the administrative work easier. I recently read a blog post on WordPress’s own blog about how important it is to keep your blogs updated, so I thought [...]

    Pingback from Skript som uppdaterar dina WordPressbloggar — Viktor Rutbergs blogg on September 16, 2009

  380. [...] anything earlier than WordPress 2.8.4 is considered insecure, we’ve decided to tighten our upgrade restrictions.  RegLevel users must now upgrade to at [...]

    Pingback from Update for RegLevel : Jumping Duck Media on September 16, 2009

  381. [...] to understand what was going on, (Thank you to my Twitter friends, and especially you Lorelle!) and what to do about it… it was time to go through each and every site I run and/or manage for my clients. A daunting [...]

    Pingback from Updating WordPress Tips and Tricks | Custom Design and Digital Art on September 17, 2009

  382. [...] is the name of the latest monstrosity on the web; it is a blog worm that attacks WordPress blogs. All versions before 2.8.3 (I think it was) are vulnerable. If you are hit, you can from [...]

    Pingback from Bloggen uppdaterad till WordPress 2.8.4 | Sagor från livbåten on September 17, 2009

  383. [...]  http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from jen’s explorataopus :: keeping WP secure :: September :: 2009 on September 17, 2009

  384. [...] up, terrific: pick an infrastructure option where that’s done for you. It’s true of WordPress, yes, but it’s true of pretty much all software: upgrading is the only way to keep yourself [...]

    Pingback from tecosystems » Hackers Broke in and Messed Up the Place and It’s My Fault on September 17, 2009

  385. [...] Keep WordPress Secure Ideas To Improve WordPress Release Strategy Are you Responsible Enough To Run WordPress Security Goes Beyond Having WordPress Up To Date WordPress Users Or Mashable Readers Can’t be This Stupid – Can They? [...]

    Pingback from WPWeekly Episode 72 – End User Responsibility And WordPress Security on September 18, 2009

  386. [...] How to Keep WordPress Secure [...]

    Pingback from Moluge Design » Blog Archive » [重要]旧版WordPressにセキュリティホール on September 18, 2009

  387. [...] are many other ways to make a WordPress website more secure but you can’t assume you’ll never be hacked (it happened to me only last week). [...]

    Pingback from Charities have least secure websites « Nonprofit web design « by Jason King on September 19, 2009

  388. [...] How to Keep WordPress Secure (WordPress.com) [...]

    Pingback from SitePoint Podcast #28: Artisanal Bread on September 19, 2009

  389. [...] Right now a hacker attack is under way against old versions of WordPress, according to reports from WordPress developers and supporters. The number of those affected is growing hour by hour. There is only one solution: upgrade your blog now, before you even finish reading these lines! More reading at WordPress Blog – How to Keep WordPress Secure. [...]

    Pingback from Gamla WordPress-versioner attackeras! | WP-Support Sverige on September 19, 2009

  390. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Maintenir WordPress sécurisé | Le blog on September 19, 2009

  391. [...] an attack from the “WordPress Worm” recently. After trying  a few manual repairs to the database and file system, I lost [...]

    Pingback from Got hacked… « sosidge.com on September 19, 2009

  392. [...] Find out more here – http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Website Hacking - the latest worm... | South Gippsland Website Design on September 20, 2009

  393. [...] It then makes itself an admin and uses JavaScript to hide itself when you look at the users page. It cleverly cleans up after itself and usually goes unnoticed while it apparently inserts hidden spam and malware into your old posts. wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from How I Found Out My Websites Have Been Hacked | South Gippsland Website Design on September 20, 2009

  394. [...] this site fell victim to a nasty worm that’s been making its way across the WordPress [...]

    Pingback from Stay tuned. | NikkiSerapio.com on September 20, 2009

  395. [...] was spreading some words lately about WordPress security. His suggestion: keeping current. Not that bad an idea, but please [...]

    Pingback from artnorm // WordPress Security // simply perfect slim /// // / on September 20, 2009

  396. [...] you? Check out this security advisory from WordPress and be sure to upgrade yours [...]

    Pingback from We’ve upgraded our WordPress @ The Official stayDublin.com Blog on September 21, 2009

  397. [...] could be, the topic of “securing WordPress” was also taken up again by Matt Mullenweg on the WordPress blog. Below I have summarized the most important points and a few plugins [...]

    Pingback from WordPress Blog Absichern - WordPress - Compboard Blog on September 22, 2009

  398. [...] How to Keep WordPress Secure [...]

    Pingback from Kolejny test, nic specjalnego « E-busola - Blog firmowy on September 22, 2009

  399. [...] keep wordpress secure. [...]

    Pingback from Older versions of WordPress under attack posted @ drew3ooo on September 22, 2009

  400. [...] version is available, I’ll be risking my blogs future in more than one way – read this post from WordPress development blog, which talks about one of the recent worms in WordPress which can [...]

    Pingback from Have You Upgraded To The Latest Version Of WordPress – If Not May Be This Is Worth A Read | Computer Tips And Tricks, Gadgets, How-To, Life - 2.0 Style on September 22, 2009

  401. [...] if you’re willing to keep WordPress updated religiously, you get access to a whole world of WP plug-ins that add features to your site, the opportunity to [...]

    Pingback from The Beginner’s Guide to Tricking Out Your WordPress Blog [WordPress] · TechBlogger on September 23, 2009

  402. [...] if you’re willing to keep WordPress updated religiously, you get access to a whole world of WP plug-ins that add features to your site, the opportunity to [...]

    Pingback from Helvetica vs. Times » The Beginner’s Guide to Tricking Out Your WordPress Blog: on September 23, 2009

  403. [...] web site owners. While the official WordPress development blog states that the WordPress team is doing everything they can, others have been wondering if more could be done. I would like to get a discussion going here at [...]

    Pingback from Supported Legacy Branches For WordPress.org? on September 23, 2009

  404. [...] if you’re willing to keep WordPress updated religiously, you get access to a whole world of WP plug-ins that add features to your site, the opportunity to [...]

    Pingback from The Beginners Guide to Tricking Out Your WordPress Blog « Official Blog of Brad Stoller on September 23, 2009

  405. [...] if you’re willing to keep WordPress updated religiously, you get access to a whole world of WP plug-ins that add features to your site, the opportunity to [...]

    Pingback from The Beginner’s Guide to Tricking Out Your WordPress Blog [WordPress] « Coolbeans on September 23, 2009

  406. [...] if you’re willing to keep WordPress updated religiously, you get access to a whole world of WP plug-ins that add features to your site, the opportunity to [...]

    Pingback from The Beginner’s Guide To Tricking Out Your WordPress Blog | Lifehacker Australia on September 23, 2009

  407. [...] due to this. Yes, Blanc was hit, along with other sites I manage. Not fun. Fortunately, I updated fast enough [...]

    Pingback from Adventures of Blanc » Archive » Update on the AoB website on September 23, 2009

  408. [...] on which the blog runs. The WordPress blog had a few unpleasant reports on that, e.g. “How to Keep WordPress Secure” or “WordPress 2.8.4: Security [...]

    Pingback from Digitaler Heimwerker » Server-Sicherheit – ein erster Eindruck on September 23, 2009

  409. [...] if you’re willing to keep WordPress updated religiously, you get access to a whole world of WP plug-ins that add features to your site, the opportunity to [...]

    Pingback from The Beginner’s Guide to Tricking Out Your WordPress - KDI Media - Web Design and Development - Savannah GA on September 24, 2009

  410. [...] How to Keep WordPress Secure September 5, 2009 A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later. Right now there is a worm making its way around old, unpatched versions of WordPress. [...] […] [...]

    Pingback from SuperAmarela - Olá, mundo! on September 26, 2009

  411. [...] web site owners. While the official WordPress development blog states that the WordPress team is doing everything they can, others have been wondering if more could be done. I would like to get a discussion going here at [...]

    Pingback from WordPress是否该维护旧版本? « 晓闻心雨 on September 27, 2009

  412. [...] a note on why to keep patching – How To Keep WordPress Secure over at the WordPress dev blog – definitely worth a [...]

    Pingback from A note on WordPress security… | Sven Welzel - www.svenwelzel.com - blog.sven.co.za on September 28, 2009

  413. [...] How to keep WordPress secure No comments [...]

    Pingback from WordPress Worm on September 30, 2009

  414. [...] very vulnerable to this worm. Matt, the co-founder of WordPress, wrote a blog entry on how to keep your WordPress secure and if you have not read it, I suggest that you read it. He explained everything [...]

    Pingback from BLOG » Upgrade and Keep your WordPress Secure » Sofie Estolloso Hofmann Designs International - Weggis, Switzerland on October 1, 2009

  415. [...] original post @ WordPress [...]

    Pingback from How to Keep WordPress Secure « News snippets on October 1, 2009

  416. [...] sites are reporting that a major attack on WordPress blogs started few days back. The latest version of WordPress, 2.8.4, is not vulnerable to this particular [...]

    Pingback from WordPress Attack Underway: WordPress Users Must Upgrade | Naseer Ahmad Mughal on October 2, 2009

  417. [...] How to Keep WordPress Secure September 5, 2009 A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later. Right now there is a worm making its way around old, unpatched versions of WordPress. [...] […] [...]

    Pingback from Julie Bas » Blog Archive » test article n°1 on October 3, 2009

  418. [...] to some WordPress blogs using outdated versions of the blogging software, according to a post by Matt Mullenweg, founding developer of [...]

    Pingback from Have you been infected? | Designs For The Future on October 4, 2009

  419. [...] if you’re willing to keep WordPress updated religiously, you get access to a whole world of WP plug-ins that add features to your site, the opportunity to [...]

    Pingback from The Beginner’s Guide to Tricking Out Your WordPress Blog WordPress « Technolgy Integration in the Middle on October 4, 2009

  420. [...] Links: Lorelle on WordPress: Old WordPress Versions Under Attack Smackdown: How To Completely Clean Your Hacked WordPress Installation WordPress Blog: How to Keep WordPress Secure [...]

    Pingback from WordPress: quelques notions de base concernant la sécurité | Descary.com on October 4, 2009

  421. [...] How To Keep WordPress Secure (WordPress Blog) [...]

    Pingback from WordPress Security Tip: Don’t Post From Your Admin Account | Es Developed - Fresh Website and Graphic Design on October 5, 2009

  422. [...] Original: How to Keep WordPress Secure [...]

    Pingback from 饼干小窝 » 如何确保 WordPress 的安全 on October 6, 2009

  423. [...] major vulnerability announcements from Microsoft, Adobe, and now even the popular website hosting platform, WordPress, I decided it was definitely time to sit down with my friends on the WBIR morning show for a [...]

    Pingback from test.danandholly.com » Keeping it up-to-date on October 6, 2009

  424. [...] It is very important to keep your installed scripts (like WordPress, Drupal, OS Commerce etc) updated regularly. From a recent post by WordPress’ development team: How to Keep WordPress Secure [...]

    Pingback from Tips for Cleaning & Securing Your Website | WEB4AFRICA.INFO on October 6, 2009

  425. [...] This article will teach you how to protect your blog from hackers: Learn how to keep wordpress secure. [...]

    Pingback from Protect Your WordPress Site from Hackers on October 7, 2009

  426. [...] shell (takes a little more expertise, but allows you to backup your wordpress directory first).  Keeping wordpress secure may seem daunting, or troublesome, but remember that your online presence is at risk, and [...]

    Pingback from Kill All Humans / A self indulgence » Are you keeping your wordpress blog software up to date? on October 7, 2009

  427. [...] Tell me more [...]

    Pingback from WordPress Security Alert [sept, 2009] on October 7, 2009

  428. [...] I found this post on the WordPress development blog which explains in more details about what these worms do and how [...]

    Pingback from eatanicecream.com » So what do you do if your WordPress blog gets hacked? on October 8, 2009

  429. [...] keeping wordpress secure [...]

    Pingback from Tenacious Frog - WordPress Security on October 8, 2009

  430. [...] How to Keep WordPress Secure [...]

    Pingback from From the Blog « on October 8, 2009

  431. [...] How to Keep WordPress Secure http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Agenzia Immobiliare di Roma (annunci) 's status on Friday, 09-Oct-09 05:41:42 UTC - Identi.ca on October 9, 2009

  432. [...] wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from Ong Jiin Joo : WordPress Upgraded! on October 9, 2009

  433. [...] The whole post is a must-read for anyone using WordPress. Tagged as: Django, Joomla, Python, Ruby, Security, WordPress [...]

    Pingback from Smashing Magazine Web Site Goes Down | DIY Web Guide on October 10, 2009

  434. [...] very frequent recently and another latest version WordPress 2.8.4 has been released. The purpose WordPress team upgraded WordPress version to 2.8.4 was because there is a worm making its way around old, [...]

    Pingback from Upgrade to WordPress 2.8.4 to Prevent Bugs | Turtle Juice: Making Money Online on October 12, 2009

  435. [...] Computer crime is rampant and quite profitable. Websites have long been defaced for fun or viruses and worms released to cause disruptions,  Now there’s an incentive for criminals to avoid detection, to add your machines to a botnet for hire, or hide spam and ad links in your WordPress blog. [...]

    Pingback from AnyHosting » Blog Archive » national cybersecurity awareness month on October 13, 2009

  436. [...] Report on the worm targeting a security hole in old versions of WordPress: How to Keep WordPress Secure [...]

    Pingback from moluge design » Blog Archive » [重要]旧版WordPressにセキュリティホール on October 13, 2009

  437. Secure Your WordPress Site…

    Matt from WordPress has published a great article on WordPress Security. Read the full article: How to Keep WordPress Secure. ……

    Trackback from New York Web Design on October 13, 2009

  438. [...] popular NZ blog I follow got infected by something like the worm mentioned in this wordpress.org post. They were running a very old version of wordpress, 2.5.X or some such. When I spoke to one [...]

    Pingback from Upgrading wordpress – please do — Somewhere out there! on October 13, 2009

  439. [...] the most up to date version of WordPress is crucial for your blog’s security. WordPress blog went to extreme measures on emphasizing the point that users must upgrade their blog for security [...]

    Pingback from Ultimate Guide to Upgrade WordPress [Infograph] on October 14, 2009

  440. [...] How to Keep WordPress Secure – “The only thing that I can promise will keep your blog secure today and in the future is upgrading.” – Matt Mullenweg [...]

    Pingback from WordPress 2.8.4 е уязвим! @ Blog.Caspie.Net on October 15, 2009

  441. [...] from WordPress on Attack: How to Keep WordPress Secure. Information on the most recent update of WordPress that prevented this attack on updated WordPress [...]

    Pingback from Old WordPress Versions Under Attack | All Tutorials - Blogger - WordPress - Joomla - Design - Insurance on October 15, 2009

  442. [...] How to Keep WordPress Secure by Matt Mullenweg [...]

    Pingback from Indy Telecom & Industrial Media - Karthik Narayanaswami on the Web » Metlin.org Hacked on October 18, 2009

  443. [...] WordPress › Blog » How to Keep WordPress Secure [...]

    Pingback from Condensed Knowledge – October 18, 2009 – Lists - Raoul Pop on October 18, 2009

  444. [...] How to Keep WordPress Secure September 5, 2009 A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later. Right now there is a worm making its way around old, unpatched versions of WordPress. [...] [...]

    Pingback from Popular WordPress plugins « Social Media Greece on October 19, 2009

  445. [...] http://wordpress.org/development/2009/09/keep-wordpress-secure/ [...]

    Pingback from SECURITY: Advice from WordPress themselves | Reviews, Tests & Technical Information on October 19, 2009

  446. [...] WordPress trackback With all the security problems around previous versions of WordPress platform, it is a great idea to immediately upgrade WP installations to the latest available version. Take that, [...]

    Pingback from WordPress Goes 2.8.5 « 37prime on October 21, 2009

  447. [...] all the security problems around previous versions of WordPress platform, it is a great idea to immediately upgrade WP installations to the latest available version. Take that, [...]

    Pingback from 37prime.news » WordPress Goes 2.8.5 on October 21, 2009

  448. [...] we would have avoided this outcome. You see – we should have known and taken action when the founder of WordPress alerts both aforementioned lists that… “A stitch in time saves nine. I couldn’t sew my way [...]

    Pingback from WordPress Maintenance Guide - How To Take Care Of WordPress | Web Strategy Workshop on October 21, 2009

  449. [...] check out the Matt’s post on “How to Keep WordPress Secure”. [...]

    Pingback from WordPress 2.8.5 is here! Upgrade Now! « . : My Life and Me : . on October 21, 2009

  450. [...] 10, 2009 · 3 comments The commotion was great over the last few days: a worm currently causing mischief on the Internet is infecting WordPress [...]

    Pingback from Sicher bloggen mit WordPress? Teil 1 « My Blog on October 22, 2009

  451. [...] Upgrade early, and upgrade often, as you can always fix your widgets and plugins later (as you can always replace incompatible plugins with rivals who are staying up to date!) [...]

    Pingback from Is Your WordPress Blog Haunted? | The Blog Herald on October 31, 2009

See Also:

For more WordPress news, check out the WordPress Planet.

There’s also a development P2 blog.

To see how active the project is check out our Trac timeline, it often has 20–30 updates per day.
