Worm attacking WordPress – Update your WordPress blog now!

Posted by  in Thursday, September 10th 2009   
7 Comments

Yesterday I learned that a worm has been attacking a number of WordPress blogs. If your blog hasn’t been attacked yet the easiest way to prevent an attack is to update your WordPress installation to the latest version – 2.84.

The worm seems to be attacking older installations, infecting posts with spam and malware that gets downloaded when readers visit them.

The WordPress Blog states that this worm does not affect the current version of the blog publishing software, which is 2.8.4, but the company is strongly recommending that users running older versions upgrade immediately.

The worm registers a user and leverages a security flaw in older versions to execute code through the permalink structure. It them makes itself an administrator and uses JavaScript to hide itself when blog readers visit a page. Meanwhile it has inserted spam and malware into older posts.

The worm fails to properly clean up after itself once it has infected a page, according to WordPress, and users may notice that their links are broken – a telltale sign that the worm has visited.

Four things you should do to protect your blog and it’s data from hackers and worms:

  1. WordPress is pretty good about watching out for security holes and making patches for them – hence the regular updates to their blogging software. For this reason, it’s wise to update your WordPress installation shortly after a new version comes out.
  2. It’s also wise to make sure that all of your plugins are up to date as well as they can have security holes as well.
  3. Another way to protect your blog is to not use the standard “admin” login. Create your own unique Admin login and change your password regularly. keep in mind that creating a complicated password with both capital and small letters as well as numbers will be harder to hack.
  4. Another safe practice is to backup your blog regularly. Backing up your blog is really quite easy to do, even if you’re a novice WordPress user. Just install the WordPress Database Backup plugin and you’ll be able to back up your blogs files and tables anytime you want and you can even schedule hourly, twice daily, daily or once weekly backups. Scheduled backups are e-mailed to you so you always have a fairly current copy of your sites files on your computer.

My husband and I have seventeen blogs between us, so I spent several hours yesterday updating plugins and updating the blogs to version 2.84. At least updating is really easy now with WordPress’ one click update. There’s no excuse not to update now – even if you do have a lot of blogs like my husband and I! Luckily our blogs weren’t too far behind and as far as I can tell haven’t been hit by this malicious worm.

Related Reading:

D-Link DCS-930L mydlink-Enabled Wireless-N Network CameraD-Link DCS-930L mydlink-Enabled Wireless-N Network Camera
WordPress Power Guide - Using WordPress to Blog Your Way to Success - Blogging GuideWordPress Power Guide - Using WordPress to Blog Your Way to Success - Blogging Guide
Iron-On Patch 4-Pack: 5" Light & Dark DenimIron-On Patch 4-Pack: 5" Light & Dark Denim
Admin - Netzwerk & Security
The Weather in the Streets (Virago Omnibus)
Topics: Blogging, Internet, Web and Technology, Wordpress, Wordpress Plugins
Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,




Related Post

Spread the word

Digg this post

Bookmark to delicious

Stumble the post

Add to your technorati favourite

SUBSCRIBE to this post



6 users responded to this post

Michael | care homes uk said in September 11th, 2009 at 6:15 am    

Thanks Tricia, I hadn’t heard about this worm. Have a few WordPress blogs that could probably do with some updating asap! So thanks for the heads up!!

fitted hats said in September 12th, 2009 at 10:42 pm    

Making sure your WordPress software is up to date is vital to every blogger out there. Protect your investment folks. God for bid something happens to your site and its content and puts you off the grid for a couple days, if not weeks. It could seriously hurt your income and your traffic.

JND said in September 13th, 2009 at 6:08 pm    

This is good information, the good thing about wordpress being open source is the updates which are released. Thanks for the heads up!

Tricia said in September 17th, 2009 at 7:39 pm    

JND yes I’m happy that wordpress keeps an eye on things and updates whenever there might be a security issue. It used to be a pain to update WordPress (at least for me with so many sites) but now that the one click update works properly it’s a breeze and therefore no one should have an excuse for not updating!

Tricia said in September 17th, 2009 at 7:43 pm    

fitted hats yes you’re right – updating your blogging or website software is very important. So is keeping a backup of your data! If your site were to get hacked you could have it back up and looking like it used to within hours if you have a recent backup … if not … we’ll you’d have to try to hunt down your posts on feed readers, Google cache and the way back machine and do a lot of work to perhaps get rid of malicious code from your site and database left there by a hacker or worm attack. Much easier to just start over with a new install, new data base and then a backup to restore the old site.

Tony Lee said in September 26th, 2009 at 10:53 pm    

I got word of this worm and the urgency to update through some forums I read.

Of all the attacks on WordPress blogs, this seemed to be the most sinister, so I quickly went to my cpanel and updated everything!

I’ll keep a closer eye on future updates as they become available and won’t procrastinate again….

1 Pingback & Trackback On This Post
Leave Your Comments Below

Comments are moderated. Your comments are welcome, but if you leave comment spam your comment and url(s) will be deleted!

«
»