That's really annoying. I have some blogs about dancing with very personalized themes and who knows what will happen if i upgrade.
FireMom
· 3 months ago
Absolutely nothing happened to any of my themes on any upgrade. It shouldn't if you are coded properly.
Ferodynamics
· 3 months ago
You're only vulnerable if you had "Anyone can register" checked in general settings.
Harrison
· 3 months ago
No that box wasn't checked I got hit.
Pierfrancesco Marsiaj
· 3 months ago
Just do the upgrade. Themes are safe. I've done it hundreds of times. Though I suggest a DB backup and an entire sites tree backup too before upgrading. Just in case...
Andrea Hill (afhill)
· 3 months ago
that's what I love about using the thesis theme - all customizations are contained within the themes folder.
Sorry, I know that doesn't help you right now -- just a consideration for future projects.
Also - I think this may only be an exploit if you were using 2.82 or 2.83? So if you haven't updated in awhile, you may be ok?
Matt
· 3 months ago
Actually with every theme in the world the customizations are contained within the themes folder -- that's the whole point of themes and why they were created 4 years ago.
Chris Harrison
· 3 months ago
Andrea, if you're modifying core, you're doing it wrong. If you're working with developers that insist on modifying Wordpress core code, I'd stop working with them ASAP. Pretty much everything you might want to do to modify Wordpress can be done via plugins, a functions.php file specific to the theme, or through options that Wordpress' many functions support.
Andrea Hill (afhill)
· 3 months ago
Hi Matt - that's true of course, but many folks modify different core files to achieve the functionality they want (where theme just modifies the front-end display, not the actual functions)
Andrea Hill (afhill)
· 3 months ago
(and yes, I know that's not ideal, but I've certainly seen it time and again with different developers I've had doing custom work for me)
subrbanoblivion
· 3 months ago
I'm going to laugh and take this comment for the joke it clearly had to be. It's so funny it has to be.
Σχολή Χορού
· 3 months ago
Thank you all for your help. I upgraded all my blogs except one and everything is fine (just some plugins needed upgrade or change). The one i didn't upgrade is version 5.7 and the security hole doesn't apply to it.
Tawnya Sutherland
· 3 months ago
Well our community blog was hacked. We've upgraded but still see a hidden administrator in the database. Is there any way to fix this or is anyone out there I can hire to fix? Contact me.
Joseph Becher
· 3 months ago
Sent you an email.
Digital Art Empire
· 3 months ago
how do you upgrade ??????
Vegas - Peter Arceo
· 3 months ago
How do you check your WordPress Version?
AndyBeard
· 3 months ago
The Wordpress dashboard will tell you whether you need to upgrade, plus it is displayed in the footer, and most likely in the header of the code on each page.
Delon
· 3 months ago
i did already.. being up to date is good practice.. sucks when u have plugins or themes that are dependent on older versions... http://delonchateau.net/blog
AndyBeard
· 3 months ago
I was seeing reports yesterday that this exploit was affecting 2.8.4
Lloyd Budd
· 3 months ago
Links? I was trying to follow pretty closely this very detail, and I didn't seen any reports for 2.8.4.
AndyBeard
· 3 months ago
Sorry I didn't bookmark or promote the link, as at that time it seemed very isolated and hadn't been fixed - too long ago to find it in my Twitter search
DrewAPicture
· 2 months ago
It IS affecting 2.8.4. My company's site got sploited last night and we're running 2.8.4.
axgrindr
· 3 months ago
Just hit the 'Upgrade Automatically' button in all my blogs and it seems to have worked. Thanks for the head's up Mashable.
Mitzi Szereto
· 3 months ago
yeah, but everytime i log in, i see that the NEW version has holes in it, and they have to keep fixing it. so frankly, i am not sure i trust it. nor i am sure i trust that it won't screw up my entire site.
Patrick Dickey
· 3 months ago
The understanding that I took from http://friendfeed.com/scobleizer/cd43c6c3/i-don... (specifically Matt from WordPress's comments) is that they release a fix right when it's done-- not in a bundle like your Operating System does. And someone else mentioned that their versioning system increments every time they make a fix. That's why you're seeing a lot of upgrades. Or would you rather they sit on the fix for anywhere from one to twelve months until they have "enough" of them to make the upgrade worthwhile? Have a great day:) Patrick.
Mitzi Szereto
· 3 months ago
i'm still on 2.7.1 - should i leave it the hell alone? please advise.
Brad F.
· 3 months ago
"If you’re running a self-hosted WordPress blog that isn’t up-to-date (version 2.8.4), you’re advised to upgrade immediately to the latest version of the software to avoid an ongoing attack."
First line of the article...
Doreen Iannuzzi
· 3 months ago
IMHO, the confusion is the first sentence: by putting "2.8.4" in brackets, is Pete saying that 2.8.4 is the "up-to-date" version, OR 2.8.4 "is not the up to date version" -- is 2.8.4 the most current, safe, version?
IconicImagery (NativeMoon)
· 3 months ago
Version 2.8.4 is the most current safe version...
Joseph
· 3 months ago
You are on the most vulnerable version. It is highly recommended for you to upgrade. Just click the Upgrade button available in your backend (administration).
Mitzi Szereto
· 3 months ago
is it sufficient for me to do a backup in my host's panel? i've no idea how to do one in the actual wordpress itself.
tonyknuckles
· 3 months ago
Yes you need to upgrade as soon as possible. The easiest wat to do it is to get the WP-automatic upgrade plug-in. Keep in mind that after you use the upgrade plug-in to deactivate after use.
Mitzi Szereto
· 3 months ago
my site has the upgrade automatically thing. what i'm worried about is screwing up my site, i am hearing some stories about these upgrades. i've backed up in my host's panel - is that enough? the instructions in wordpress about backing up have given me a headache.
paul
· 3 months ago
You need to backup the database as well.
tonyknuckles
· 3 months ago
When you backup your site, there should be a file created in your domain structure called "dbs_backup" or something to that effect, and if you have it configured properly you should be able to save a copy of file to your local computer.
tuxme2
· 3 months ago
Gosh! (Lucky I don't run WordPress)
Brad F.
· 3 months ago
I've been thinking about self-hosting my blog for a long time, but stuff like this always deters me.
tonyknuckles
· 3 months ago
Its really a no-brainer to upgrade as you work. Just click a button and its done.
Brad F.
· 3 months ago
Odd. Everyone I hear talking about upgrading make it out to be a big deal. Maybe something to do with the extensions?
IconicImagery (NativeMoon)
· 3 months ago
Could be. I've upgraded a client site 4 times now, fortunately with no problems. It's worth doing the upgrades as soon as they are released and checking the plug-ins to see where the conflict is coming from. One thing I've learned is to get rid of any plug-ins I'm not actually using - saves a lot of potential hassle....
Ian Storm Taylor
· 3 months ago
It's really very simple. Even more so if you have auto database and file backups then you don't even have to think before clicking the update button. I've already done it twice since installing WP without thinking and without problem. As long as your theme not hacked together you should be fine... and even then you will probably be fine as well.
FireMom
· 3 months ago
It used to be quite difficult until WP coded an automatic upgrade function into their software. WP is user-friendly like that.
Brad F.
· 3 months ago
Sounds good to me! Maybe sometime in the future I'll switch over. I've been using free blogger hosting so far.
tonyknuckles
· 3 months ago
The issues many have had is with all of the weird plug-ins not being compatible with newer versions. Since many of the original plugin writers have completely fallen off the map and don't code any more.
davidwieland
· 3 months ago
I have bad experience updating my wordpress. It's a complete noob question, but what do I do - drag the new files into the root where my wordpress operates now? Will my settings remain?
IconicImagery (NativeMoon)
· 3 months ago
Its just a matter of clicking one button - your Dashboard should have an automatic upgrade function when you aren't up-to-speed....
davidwieland
· 3 months ago
That's just it, I can't find that button. I'm running 2.6.
Chris Harrison
· 3 months ago
Automatic upgrade was introduced in Wordpress 2.7. Once you get upgraded to the latest version you should be able to use Automatic Upgrades without a problem. That is, of course, assuming your host is configured to allow you to do it. Regardless, following the instructions NativeMoon posted, you shouldn't have any problems upgrading manually.
IconicImagery (NativeMoon)
· 3 months ago
here is info from the Codex on upgrading. Hope this helps
This is annoying! Can anyone pinpoint who is behind this?
bloqhead
· 3 months ago
If you have a version below 1.8.4, UPGRADE. If you have a self-hosted blog and don't know how to do this, then you probably shouldn't have a self-hosted blog. People need to stop asking 'should I upgrade' when the article suggests it on the first line of the first sentence. It's not that difficult and it won't bork your site. If it somehow does bork it, it's not hard to fix. As long as you backup all of your posts and your database (as the thing suggests and the automatic upgrade system even does for you) then you'll be fine.
Mitzi Szereto
· 3 months ago
i just upgraded, it is fine. but i checked with my host first - i did a backup via them, and if anything happened, they said they would reinstall from the backup. so i feel confident with hostgator. no i am not getting a commission from that. ;-)
tonyknuckles
· 3 months ago
Good to hear it worked out for you.
Sam
· 3 months ago
Do you not have editors who approve articles before submission? There's a mistake - "you’ll likely need to export your all your content"
Miladinoski
· 3 months ago
I noticed this at a friends' blog, permalinks of somekind appear on the top of the page...
As for me, I'm not vulnerable - as I always upgrade to the latest possible version of a software I use very regularly :)
Sarah Lam
· 3 months ago
Ouch that hurts. Thank god I have upgraded when version 2.8.4 is available immediately.
netposer
· 3 months ago
Anyone hosting on godaddy's shared hosting (Linux)? I sent them an email since my blog was "infected".
I upgraded...but a bit late.
Followed the instructions on how to find the hidden user and removed him/it. I also changed the perma-link settings.
kalimckibben
· 3 months ago
Well that really sucks! I recently reverted back to a slightly older version because when I had upgraded to 2.8.4 it broke my inline editor and nothing I did would get it back.
Chris Harrison
· 3 months ago
It could have been due to files not getting updated properly or even a caching issue... You might try to do a manual upgrade to see if that won't resolve your issue.
theShape
· 3 months ago
wow! thank you!
privacylover
· 3 months ago
Upgrading software to the latest stabel release is always a must do really, otherwise you are waiting for someone to hack you, thanks for the heads up.
HT
· 3 months ago
Tried to update and got this. Help??
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 2357046 bytes) in [...]public_html/wp-includes/http.php on line 1331
Melanie
· 3 months ago
Memory setting in your php.ini is too low. Either your host has to change it or a .htaccess to allow for extra memory.
savorytv
· 3 months ago
HT, I had that same issue. I simply disabled all of my plug ins and that solved the problem. I enabled them after the upgrade. All is well.
Janice Schwarz
· 3 months ago
You might want to put a date on this. I was hunting for yet another upgrade when I realize you're talking about something that is weeks old. So some of us have already done the upgrade...
ohh thank goodness, I just upgraded and nothing broke. Love wordpress
mike hawkins
· 3 months ago
Erm...bit late, letting people know now...it was well known on 12th August.
John
· 3 months ago
Are the passwords encrypted of the users? Or was the hacker able to see the passwords?
Ferodynamics
· 3 months ago
No reason to overreact, your Wordpress is only vulnerable if you had "Anyone can register" checked in general settings.
Wyn Galbraith
· 3 months ago
Is this just for the standalone Wordpress or does this breach include MU as well?
Patrik
· 3 months ago
My site are attacked!! Just downloaded the XML file.. I had a new useraccount named: iseus_1e1e1e that had admin role.. Were able to delete it though.. But I really doubt that it´s gone completly..
Going to reupload the site when I have the time for it..
Nathan Nash
· 3 months ago
Thanks for the heads up, good thing I upgraded though.
Eric
· 3 months ago
Is there any substantiation to this??? The source Lorella notes has nothing to say. Wordpress has nothing to say. No blogs have come forth reporting hacks.
This all sounds like bad reporting. Way to whip everyone into a frenzy on a nice holiday weekend, though, Mashable.
robbywee67
· 3 months ago
Wordpress Version 2.8.4 is good. easy and advanced
annettefrey
· 3 months ago
Hmm, how do you "upgrade" I never downloaded WP, just use from the site and ftp files up??
hollywoodorblog
· 3 months ago
Sweet Jesus! Thanks, Pete!
John Hamilton Farr
· 3 months ago
Those of you who don't have a recent version of WP with the upgrade feature can easily upgrade by following the procedures outlined in the Codex. It's just a matter of which folders and such to upload, and after that, it will be built-in.
Everyone should of course always download and keep a local copy of their sites, so you can replace anything vital you might accidentally overwrite if you're manually upgrading. This is standard operating procedure. You should also set things up to have your database emailed to you on a regular basis.
If you're running a dated version of WP, be advised that your old theme may not work the way you want after upgrading and could require tweaking your PHP files. I suspect these instances will be rare, but you never know.
I second the recommendation to use the premium Thesis theme, which makes all of this so much easier. I also want to reassure everyone that WP is generally rock-solid. It pays to stay current, though. At least the developers are trying to keep up with the hackers, which is more than we can say about a lot of software apps.
Arthur Wilkie
· 3 months ago
And this is why I use Blogger...
wonkotsane
· 3 months ago
If only Wordpress would handle a large import. I've got a few years worth of blog posts and it's too much for Wordpress to handle an import so I can't backup, upgrade and restore if it goes wrong. Plus, the setup I have now is great for Google without using any SEO tools - who knows how it would perform with the latest version of Wordpress?
nls
· 3 months ago
I have no idea what version I'm using. I've clicked all around and don't see any info on what version I'm using. I started my blog in May - is this the 2.8.4? When I click "Upgrades" all i see is info on giving gifts of wordpress to others. Kinda freakin' out. Any help is appreciated.
John
· 3 months ago
No, in when you started your blog in May and didn't upgrade since, you will have an older version.
John
· 3 months ago
When your site is hacked, was the hacker able to see all passwords? (one of my sites got hacked)
ramifawaz
· 3 months ago
Oh boy. I get so nervous every time I upgrade..
achernow
· 3 months ago
Already did the upgrade apparently.
jj-momscashblog
· 3 months ago
I just had a "Reported Attack Site" last few days, my blog was taken down and had this message also had to clean files by way of Hostgator, and then write to GoogleWebmasterTools and beg them to review and promise that all files were clean. It took 3 days until my site was back up and running. Is this what you are talking about? Please let me know.
nls
· 3 months ago
this may sound so elementary but my blog is a wordpress.com blog not wordpress.org. isn't there a difference? After reading a little more it sounds like anyone w/ a blog on wordpress.com isn't affected. Am I right? I'm still learning all the blog "jargon" - thanks for help!!!
savorytv
· 3 months ago
You are correct.
Maria
· 3 months ago
By the way how do you back up the data base of the blog
jimgray69
· 3 months ago
i need some help with this...i've got 2 blogs with the old version...
Sam G. Daniel
· 3 months ago
Thanks for the update. Already on the latest version but it is difficult for people with custom themes or plug-ins that are not fully tested with the latest version.
Those using the custom Thesis theme should update to the latest version prior to upgrading wordpress. Make a database backup and copy your code prior to upgrading.
FireMom
· 3 months ago
All of my personal blogs/sites were already updated. I am, however, hosting a local theatre blog with Wordpress on 1&1 Hosting which does not offer one click WP installation. I installed it by hand just fine. However, when I press the auto upgrade button inside the Dashboard right now, it says: Downloading update from http://wordpress.org/wordpress-2.8.4.zip.
And then never moves again. My other sites would show that line and then zoom through the rest of the upgrade process. Any ideas?
dsphoto
· 3 months ago
So what actually happens to one's site once it has been hacked? Just curious about why anyone is doing this.
SpiritualShow
· 3 months ago
Is that why all the comments on my blog have been spam these past few days?
John
· 3 months ago
My permalink structure got changed by the hack. But there is no new hidden user, also not in my database. What does it mean? Wasn't the hack completed 100%? And is my blog safe now?
I have had about 10 spam comments but no (conspicuous) 2nd admin user. Am I affected or not?
Name
· 3 months ago
2.8.4 is probably not "safe" either, but it is not the subject of the current attacks.
Jeff Korhan
· 3 months ago
This is one of the reasons I use Typepad. Wordpress is a great platform, but there are many "if's" and some of us like knowing others are watching our back while we are out doing what we do best.
Even reading some of these comments is interesting. I'm seeing things like ...it's safe, but back up just in case. That's another if in my book.
I did a full blog post that details how and why I came to rely on Typepad: http://bit.ly/wQack
Kudos to Mashable for being the first to get this out there to help.
marmaraelt
· 3 months ago
I hope everyone realize the importance of this update..
kashaziz
· 3 months ago
Firstly, this is not a new attack. I have experience it on one of my blogs in June. IMO the exploit targets wp-config, which is usually kept as writeable (chmod 777), gets DB access info through it and moves forward. In my case, it stopped after infiltrating few plugins and admin files which easily got tracked as their timestamps were modified.
It is not always possible to upgrade to next-available version of wordpress contributing to various reasons including custom/incompatible plugins. In case of current exploit, I recommend changing DB and FTP passwords immediately and remove write permissions from wp-config and admin folder.
weshopper
· 3 months ago
Does anyone one know if you have to create a new database when you clean out a hacked site? Can you just export the posts, do a clean wp and theme install, and be good to go? Should the site get new passwords? No one seems to say anything about this and I hate to jump to the conclusion that its not necessary.
kay
· 3 months ago
what happens if you have a wordpress hosted site?
SteveEarly
· 3 months ago
WordPress hosted blogs are not affected. You are only vulnerable if you use WordPress on a site you host yourself.
Smashing Themes
· 3 months ago
Thats true, I myself logged in to my admin dashboard and found a new user registered as administrator, first I thought that I have committed some mistake at wordpress options but found those to be ok. I instantly deleted the new admin user, upgraded the WordPress to the latest version (I was running 2.8.3) and then scanned the posts to see if there are any hidden Viagra links inserted but nothing was compromised.
Realest
· 3 months ago
That`s really really annoying, and i do update when the button is shown and almost always in one of blogs something stops working, and these updates are dropping like phone calls
zedomax
· 3 months ago
For those of you who got hacked, you might want to check your old blog posts to see if the hackers have put porn spam links. These cannot be seen using your browser as they use "display:none". I have the code for checking your database here:
FYI, hackers attacked couple of my blogs last month and inserted about 3,000 spam links on average, only on older blog posts.
If you don't know and these remain for months, you will lose all your Google SEO btw, so it's sorta serious that you check it if you got hacked. Just tryin' to help. :)
Exotic Photos from Borneo
· 3 months ago
I'm using BlogSpot so I don't have this headache
richie@rwsphoto
Altinkum
· 3 months ago
I am so surprised, I always thought Wordpress was 100%. Hearing this makes me not want to self host.
cheald
· 3 months ago
Fortunate it's not a zero day. Exploits of this nature suck, but at least it's been fixed in the Wordpress trunk for a while. Sucks to be people who didn't upgrade and got hit, though.
Travel gear reviewer
· 3 months ago
I can't get in to upgrade. Wordpress appears to be overloaded. "Briefly unavailable for scheduled maintenance. Check back in a minute." (I've been getting that for an hour.)
Martín Noziglia
· 3 months ago
Upgrade is ready ;)
Martín Noziglia
· 3 months ago
Who can you tell me if Wp´s upgrades make your blog get slow?
cdub09
· 3 months ago
Thanks for the article. I did a manual upgraded my WPMU site and everything went smooth.
Patrick
· 3 months ago
For the people who are whining because their plugins or theme's may not work, my advice is this. If it doesn't work, disable it and contact the developer. If it's a plugin or theme that you absolutely can't live without, there's a good chance that it's already been upgraded to work with the latest version.
In the scheme of things, everyone needs to ask themselves this question... "Which is worse, my plugin or theme not working, or my site getting hacked and trashed (along with my reputation by my followers)?"
I'd rather have a plugin or them that's broken, then have my followers say "Don't go to any links from his site. I did and ended up with <insert malware, virus, or other problem here>."
Have a great day:) Patrick.
Name
· 3 months ago
Thank you for the helpful link to the page to upgrade Wordpress.
Oh wait, that's right, you didn't.
Caro
· 3 months ago
My blog was affected!! they completely ruined it, but luckily I've a friend who's helping me fix it and get all the data back.
Free XBox Live
· 3 months ago
"For those unaffected: upgrade today. For those affected: the WordPress community is here to help."
That is all. MOVE ALONG PEOPLE, nothing to see here!
nar321
· 3 months ago
I feel that at least one web host hadn't done enough to protect blogs. I had a up to date stable version of WP and was still hacked( am no longer with that Web Host), Also that WordPress should take this opportunity to harden the security in WordPress
E-TARD
· 3 months ago
This is bad I see soo many blogs running old versions of wordpress. ppl really need to update.
Ben Lang
· 2 months ago
it almost got me, thanks for the warning...
Emma
· 2 months ago
I think I've been hit. In my User area it's telling me I have 3 administrators when I know for a fact I'm the only one. The only thing is, when I click to see the administrators it only shows me.
Also, I noticed last week it had changed the permalink structure, but I brushed it off thinking it was something to do with Dreamhost, and just changed it back thinking nothing of it.
Is there somewhere that lists how to solve these problems? I mean, I've heard it goes right into the DB so if I upgrade the DB will still be effected.
My site is somewhere where people can register and post, but I've done it so they can't access anything in wp-admin (because it lists everybody's posts in there and I don't want them to see that) So they only have access to the write-post.php page.
A while ago I tried to update it to the latest version but it didn't want to work the way I wanted it to. But it looks like I'm going to have to upgrade.
First things first, how to fix the DB from being affected? Anyone know?
charles rinehart
· 2 months ago
I'm just glad I have Blogger. Wordpress is much too complicated for me. Great story thanks.
Marte
· 2 months ago
OK - I see a hidden user... but I have no clue how to:
export content with the built-in XML WordPress export, uninstall and reinstall WordPress and re-import the content. It’s a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too.
Non-techs like me should use pencil and paper and forget this! But... I can't. So... where is the XML Wordpress export tool? And what does it export to? and then, how do I get the hacked code out in order to put the content back in?
Oh boy am I confused!
lauren
· 2 months ago
this isn't my hack problem. i keep getting keywords injected into my footer. upgrading didnt help. :(
Andy Fitzpatrick
· 1 month ago
Must admit I was a little hesitant in updating because of loads of past problems with other software packages but this was a dream to install. A real one click solution for a change.
D J Tolley
· 1 month ago
i upgraded and it seemed to keep all my themes intact
I haven't been able to even log in TO my site TO fix anything these last few months. Ever since Host Gator got their grubby little hands on it and screwed everything up - including the colors, design and alignment. So I gotta ask, what the hell do I do now? I cannot log in at all lol. Its a blank page! Help!
Guest
· 4 weeks ago
Double post. Sorry!
Natalie
· 3 weeks ago
And all my wordpress websites were hacked YESTERDAY while running 2.8.5 - with the eval injection - so what the hell? Obviously the exploit hasn't been blocked in the latest versions of Wordpress.
All Comments
I upgraded to latest version, Good luck everyone!!
Its nasty! Good luck everyone!
I upgraded to latest wordpress
Sorry, I know that doesn't help you right now -- just a consideration for future projects.
Also - I think this may only be an exploit if you were using 2.82 or 2.83? So if you haven't updated in awhile, you may be ok?
Thanks for the head's up Mashable.
Have a great day:)
Patrick.
First line of the article...
I've been using free blogger hosting so far.
http://codex.wordpress.org/Upgrading_WordPress
As for me, I'm not vulnerable - as I always upgrade to the latest possible version of a software I use very regularly :)
I upgraded...but a bit late.
Followed the instructions on how to find the hidden user and removed him/it.
I also changed the perma-link settings.
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 2357046 bytes) in [...]public_html/wp-includes/http.php on line 1331
http://wordpress.org/development/2009/08/2-8-4-...
I had a new useraccount named: iseus_1e1e1e that had admin role.. Were able to delete it though.. But I really doubt that it´s gone completly..
Going to reupload the site when I have the time for it..
This all sounds like bad reporting. Way to whip everyone into a frenzy on a nice holiday weekend, though, Mashable.
Everyone should of course always download and keep a local copy of their sites, so you can replace anything vital you might accidentally overwrite if you're manually upgrading. This is standard operating procedure. You should also set things up to have your database emailed to you on a regular basis.
If you're running a dated version of WP, be advised that your old theme may not work the way you want after upgrading and could require tweaking your PHP files. I suspect these instances will be rare, but you never know.
I second the recommendation to use the premium Thesis theme, which makes all of this so much easier. I also want to reassure everyone that WP is generally rock-solid. It pays to stay current, though. At least the developers are trying to keep up with the hackers, which is more than we can say about a lot of software apps.
(one of my sites got hacked)
Those using the custom Thesis theme should update to the latest version prior to upgrading wordpress. Make a database backup and copy your code prior to upgrading.
And then never moves again. My other sites would show that line and then zoom through the rest of the upgrade process. Any ideas?
What does it mean? Wasn't the hack completed 100%? And is my blog safe now?
Even reading some of these comments is interesting. I'm seeing things like ...it's safe, but back up just in case. That's another if in my book.
I did a full blog post that details how and why I came to rely on Typepad: http://bit.ly/wQack
Kudos to Mashable for being the first to get this out there to help.
It is not always possible to upgrade to next-available version of wordpress contributing to various reasons including custom/incompatible plugins. In case of current exploit, I recommend changing DB and FTP passwords immediately and remove write permissions from wp-config and admin folder.
http://zedomax.com/blog/2009/09/06/wordpress-di...
Hope that helps!
FYI, hackers attacked couple of my blogs last month and inserted about 3,000 spam links on average, only on older blog posts.
If you don't know and these remain for months, you will lose all your Google SEO btw, so it's sorta serious that you check it if you got hacked. Just tryin' to help. :)
richie@rwsphoto
In the scheme of things, everyone needs to ask themselves this question... "Which is worse, my plugin or theme not working, or my site getting hacked and trashed (along with my reputation by my followers)?"
I'd rather have a plugin or them that's broken, then have my followers say "Don't go to any links from his site. I did and ended up with <insert malware, virus, or other problem here>."
Have a great day:)
Patrick.
Oh wait, that's right, you didn't.
That is all. MOVE ALONG PEOPLE, nothing to see here!
I see soo many blogs running old versions of wordpress.
ppl really need to update.
Also, I noticed last week it had changed the permalink structure, but I brushed it off thinking it was something to do with Dreamhost, and just changed it back thinking nothing of it.
Is there somewhere that lists how to solve these problems? I mean, I've heard it goes right into the DB so if I upgrade the DB will still be effected.
My site is somewhere where people can register and post, but I've done it so they can't access anything in wp-admin (because it lists everybody's posts in there and I don't want them to see that) So they only have access to the write-post.php page.
A while ago I tried to update it to the latest version but it didn't want to work the way I wanted it to. But it looks like I'm going to have to upgrade.
First things first, how to fix the DB from being affected? Anyone know?
export content with the built-in XML WordPress export, uninstall and reinstall WordPress and re-import the content. It’s a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too.
Non-techs like me should use pencil and paper and forget this! But... I can't. So... where is the XML Wordpress export tool? And what does it export to? and then, how do I get the hacked code out in order to put the content back in?
Oh boy am I confused!