arghyle

That’s right, Wordpress.com’s Blog is reporting that Wordpress 2.1.1 installations from the past few days are not secure. Apparently their server was hacked and the Wordpress master files were changed to open up a security hole somewhere deep in the wp-includes files.

So basically, uh, worst case scenario.

This blog was not affected as it was using 2.1.1 since a few hours after being released, but I took the time to upgrade to 2.1.2 anyway. Considering how many people use Wordpress and how many major blogs rely on it, this is a major blunder on the part of the Wordpress team. I mean, I can’t totally fault them, servers get hacked- it sucks but it happens- but the majority of their business is based around serving two files, they should keep a pretty close on eye these. If either files changes and it was not due to a new version, well then it’s a safe bet that something is wrong.

Anyway, this blog is safe, at least for now. Hopefully the word will get out and everyone will upgrade their blogs in time.

From the post:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Trackback URI |