Forgot your password?

Close
typodupeerror
Security Worms

Wordpress.org Warns of Active Worm Hacking Blogs 103

Posted by timothy
from the in-this-case-the-worms-are-actually-human-beings dept.
Erik writes "Wordpress, the popular open-source Content Management System (CMS) for many thousands of bloggers worldwide, is under attack from a 'clever' worm that automatically compromises unpatched versions of the Wordpress system. The particularly nasty bug crawls the web for vulnerable Wordpress installations, installing malware, deleting content, and generally wreaking havoc wherever it can. Today, Wordpress founder Matt Mullenweg eloquently implored Wordpress bloggers to update more frequently. Originally, updating the Wordpress system was a rather laborious process; however, newer versions offer fast and simple one-click upgrades. The two most recent versions of Wordpress (2.8.3 and 2.8.4) cannot be attacked by the worm discovered this week, and blogs hosted at Wordpress.com are also apparently immune."
This discussion has been archived. No new comments can be posted.

Wordpress.org Warns of Active Worm Hacking Blogs More

Wordpress.org Warns of Active Worm Hacking Blogs

Comments Filter:

  • Re:Why people don't update (Score:2, Interesting)

    by Anonymous Coward on Saturday September 05 2009, @08:41PM (#29327783)
    The WordPress "one click update" is annoying, too. Instead of fetching the package it needs from a URL, unpacking it in a temporary directory, and copying the files it needs locally, it requires an FTP login and password.

  • Re:Hey Wordpress... (Score:2, Interesting)

    by Anonymous Coward on Saturday September 05 2009, @11:19PM (#29328613)
    The idea isn't to hide the fact that you're using Wordpress - it's to hide the fact that you may very well be running an exploitable version of Wordpress.

To be wise, the only thing you really need to know is when to say "I don't know."