© 2012 espidesigns

ALERT! WordPress Users Must Upgrade!

Posted on May 3, 2010 by in Blog, WordPress | 6 Comments

All self-hosted WordPress-powered blogs must upgrade to the latest version to avoid an ongoing attack. WordPress.org hosted blogs are not affected.

Espidesigns.com has just been attacked and is now being fixed and monitored. I was informed of the virus attack by an email sent by my WordPress Antivirus plugin. A “backdoor” was created by a “hidden” Administrator and could potentially exploit security holes and get right down to the database level.

Lorelle on WordPress gives us clues to determine if your site has been attacked:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.

All users are advised to upgrade to the latest version of WP, while those already affected can go to this FAQ to fix the problem.
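The two clues quoted above can be checked with a short script. This is an added example, not code from the original post or from WordPress; the function names, the allow-list and the user rows are assumptions for illustration, and the rows assume an export of each user name together with its serialized `wp_capabilities` value.

```python
import re
from urllib.parse import unquote

# The two keywords the post names as the sign of an injected permalink.
SUSPICIOUS = re.compile(r"\b(eval|base64_decode)\s*\(", re.IGNORECASE)

# Permalink string quoted in the post above.
SAMPLE_PERMALINK = ("example.com/category/post-title/%&(%7B$%7Beval(base64_decode"
                    "($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")

# Constructed sample rows: (user name, serialized wp_capabilities value).
SAMPLE_USERS = [
    ("admin", 'a:1:{s:13:"administrator";b:1;}'),
    ("Administrator (2)", 'a:1:{s:13:"administrator";b:1;}'),
    ("guestwriter", 'a:1:{s:6:"author";b:1;}'),
]

def decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly so nested encodings (%257B -> %7B -> {) unwrap."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def permalink_findings(permalink):
    """Clue 1: return the suspicious keywords present in a permalink or URL."""
    text = decode_fully(permalink)
    return sorted({m.group(1).lower() for m in SUSPICIOUS.finditer(text)})

def unexpected_admins(users, known_admins):
    """Clue 2: return administrator accounts that are not on the allow-list."""
    known = {name.lower() for name in known_admins}
    return [name for name, caps in users
            if '"administrator"' in caps and name.lower() not in known]

if __name__ == "__main__":
    print("permalink keywords:", permalink_findings(SAMPLE_PERMALINK))
    print("unrecognized admins:", unexpected_admins(SAMPLE_USERS, ["admin"]))
```

A clean permalink structure returns an empty list, and any administrator name missing from the allow-list is reported for manual review.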

6 Responses to "ALERT! WordPress Users Must Upgrade!"

  1. Pamula Bellah
    - December 13, 2010 at 4:45 am

    Been looking at doing SEO and bettering the design on my site for a long time, so this post has been really useful. Easy read also, so thanks!

  2. arrorsfurce
    - July 6, 2011 at 7:49 pm

    Yes, correctly.

  3. Haven F. Gautreaux
    - July 8, 2011 at 12:17 am

    Very nice article but your site is opened too late. I waited to read the article too.

    • Mark Louie Espedido
      - July 14, 2011 at 9:39 pm

      I’m not sure why but this is an old post since last year. I wonder why this post is showing up just now. Thanks for the feedback :)

  4. Lorelle
    - July 8, 2011 at 3:41 am

    There are a variety of hacks that have been going around for a couple of years, changing and evolving. Ensure your site is updated at all times when mandatory security updates are announced. They usually do nothing to impact Themes and Plugins. Sorry about your experience.

    Also, WordPress.org blogs are self-hosted and susceptible if not updated. WordPress.com blogs are safe and secure, updated constantly, and those are the hosted blogs.

    • Mark Louie Espedido
      - July 14, 2011 at 9:48 pm

      Thanks for the tips. Realized it when this site got attacked. I’ve been updating this since then whenever security updates are available, the same for my software. But sometimes updates are so buggy that they corrupt the software and render it almost useless. However, the smarter move is to back up everything including having the old version, so when problems occur after updating, one can still roll back to the previous version. But risking the vulnerability of an attack.

      On the other hand, the people behind WordPress are so good that I don’t have to worry about these things anymore. I can go ahead and update. Good job!

      P.S. This is a year-old post. I wonder why you just saw this and commented just now. BUT I’m so honored to have you here, Lorelle :)
