Mashable - The Social Media Guide - Latest Comments in WordPress Responds to Attack: “Please Upgrade”

Re: WordPress Responds to Attack: “Please Upgrade”

Nikolay Kolev — Mon, 26 Oct 2009 02:06:02 -0000

Obviously you don't live in the Real World and I'll give you an example with probably one of the most enterprisey plugins there is - HyperDB, which got updated last month from supporting "up to 2.6" to "up to 2.8" (yes, it's skipped 2.7), which happened a few months after 2.8 got released. HyperDB is a plugin developed and used at WordPress.com by Automattic folks themselves, so, if this is not a trustworthy plugin, then I'm really lost!

Re: WordPress Responds to Attack: “Please Upgrade”

rui — Tue, 29 Sep 2009 11:04:01 -0000

Olá, apenas para testar esta maneira de comentario

Re: WordPress Responds to Attack: “Please Upgrade”

Name — Fri, 18 Sep 2009 18:43:04 -0000

Do I have to do anything at all? All I wanted to do was go on Glenn Becks site and respond to a comment. I don't have a word press site. Actually I'm not familiar with any of this.

Re: WordPress Responds to Attack: “Please Upgrade”

mercime — Thu, 10 Sep 2009 17:05:47 -0000

2.8.4a is the most recent version for WPMulti-User not regular WP. And no, I had no problem upgrading WPMU nor WP to latest versions. Just make sure you have regular backups of your databases.

Re: WordPress Responds to Attack: “Please Upgrade”

Free Wii Points — Mon, 07 Sep 2009 11:36:42 -0000

Yes you must upgrade because there is an exploit using a specially crafted URL which will hack into your Admin Account!

Re: WordPress Responds to Attack: “Please Upgrade”

milkfish — Mon, 07 Sep 2009 08:06:19 -0000

You can do an export and re-import to a new installation
http://lorelle.wordpress.co...

Re: WordPress Responds to Attack: “Please Upgrade”

Tatesjourney — Mon, 07 Sep 2009 06:51:01 -0000

My goodness, that is a brilliant point................and Pinky says..."n...o..t".

Re: WordPress Responds to Attack: “Please Upgrade”

resuni — Sun, 06 Sep 2009 19:28:38 -0000

You've heard of it? It's only hosting like 70 accounts so I'd be surprised. But I know the owner and he always used Wordpress.

Re: WordPress Responds to Attack: “Please Upgrade”

zedomax — Sun, 06 Sep 2009 15:54:25 -0000

That is good to hear Matt, I do however like that you are very honest and you did say the truth, that's why I keep using Wordpress and of course, I don't think there any other blog software that's better.

Re: WordPress Responds to Attack: “Please Upgrade”

Tawnya Sutherland — Sun, 06 Sep 2009 15:05:21 -0000

I was hacked and have upgraded. Also went into SQL and found the culprit Admin and deleted them as well plus fixed my permalinks. One thing I can't do however is delete this plugin http://guff.szub.net/2005/0... else it shuts down my whole blog. My guess is that this plugin is the backdoor in for this hack.

Re: WordPress Responds to Attack: “Please Upgrade”

Tawnya Sutherland — Sun, 06 Sep 2009 13:27:29 -0000

Is there any fix for those of us who were hacked with the old version???

Re: WordPress Responds to Attack: “Please Upgrade”

Matt Mullenweg — Sun, 06 Sep 2009 13:09:28 -0000

Yes if money could buy security Windows (and OS X) would never have any security updates.

Re: WordPress Responds to Attack: “Please Upgrade”

Matt Mullenweg — Sun, 06 Sep 2009 13:08:21 -0000

I'm not sure who you contacted or talked to, but the current version of WordPress is completely secure. If you're on the current version you should be fine.

Re: WordPress Responds to Attack: “Please Upgrade”

Iliyan Petrov — Sun, 06 Sep 2009 12:18:42 -0000

Windows has millions of dollars invested in it, and it's still the #1 target ;)

Re: WordPress Responds to Attack: “Please Upgrade”

AP — Sun, 06 Sep 2009 03:47:58 -0000

The most recent verison is 2.8.4a. I've heard that upgrading to that version will lead to me losing the admin rights. Is that true? Did anyone have any problems after upgradation?

Re: WordPress Responds to Attack: “Please Upgrade”

mybrutegame — Sun, 06 Sep 2009 01:45:06 -0000

I recently updated my blog. I was worried about this. Ahead of the game! :)

Re: WordPress Responds to Attack: “Please Upgrade”

Robert Basil — Sat, 05 Sep 2009 22:30:07 -0000

This has got to be one of the dumbest comments I've ever read on Mashable.

Re: WordPress Responds to Attack: “Please Upgrade”

Carl Hancock — Sat, 05 Sep 2009 20:57:15 -0000

Don't use plugins that aren't actively supported by their developer. If your blog is relying on plugins that are effectively dead, you aren't exactly thinking ahead as far as the future of your site. ALL cms and blog platforms are going to have security vulnerabilities. Thats why new versions are released. WordPress is ready for the enterprise, otherwise organizations such as CNN, New York Times and the NFL wouldn't be using it. Be smart about the plugins you use and you won't run into this problem.

Re: WordPress Responds to Attack: “Please Upgrade”

ananymous — Sat, 05 Sep 2009 19:45:49 -0000

My site was hacked about a month ago because of lack of upgrade. My site was unknowingly selling every kind of precription drug know to man virtually overnight. Google de-listed me for vital keywords, had to clean site and re-submit, and I had to spend hundreds of dollars getting things fixed and now hundreds of dollars for ongoing maintenance protection because of fear of getting hit again. Lots of lost business too. I also was hesitant to upgrade, thinking it was no big deal. If I had to do it all over again, I would have upgraded! What a f(*+)+# nightmare.

Re: WordPress Responds to Attack: “Please Upgrade”

zedomax — Sat, 05 Sep 2009 19:30:05 -0000

Sure, if you have disabled user registrations, that takes care of 99% of the worms out there. Of course, Wordpress is a free software, that's why it's very vulnerable, there's not millions of dollars invested in it and it's not a huge team of developers. You can't blame them but there's ways to protect it by using encrypted passwords and disabling user registrations, which are pointless to visitors for most blogs anyways. I am not upgrading btw, I am already protected. :)

Re: WordPress Responds to Attack: “Please Upgrade”

Jack Yan — Sat, 05 Sep 2009 19:20:36 -0000

Thanks for that, Zedomax. While we’ve now upgraded (with extreme difficulty, because the upgrade process takes hours and not the minutes that Wordpress claims), I have disabled user registrations on one of our installations.
Like you, I always have huge problems getting these software companies to believe me, then months down the line I get proved right.

Re: WordPress Responds to Attack: “Please Upgrade”

Andrew Wong — Sat, 05 Sep 2009 18:34:21 -0000

You're probably right

Re: WordPress Responds to Attack: “Please Upgrade”

Hesham Zebida — Sat, 05 Sep 2009 18:28:25 -0000

Oh! so I should be feeling not secure now?!!
my setup is not complicated, I hink it can handle the upgrade, I will go for it!

Re: WordPress Responds to Attack: “Please Upgrade”

zedomax — Sat, 05 Sep 2009 17:57:50 -0000

The best way to not get attacked this vulnerability is to disable user registrations, which most of you don't need anyways. According to Matt on the new worm:

"it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts."

I've already gotten this worm 2 months ago, it's been going on for awhile now, FYI.

Re: WordPress Responds to Attack: “Please Upgrade”

zedomax — Sat, 05 Sep 2009 17:55:19 -0000

Oh god, I had this problem couple weeks ago and contacted Wordpress, they said their software was completely secure as far as they were concerned. Now the truth comes out after I lost a bunch of money. I mean all of my 20+ blogs were getting hacked like it was Sunday breakfast or something. Next time, please listen to the bloggers Wordpress security team, I don't bs.