
A new WordPress attack, reported by Mashable, targets WordPress versions that have not been updated to version 2.8.4. The attack exploits security holes within WordPress that let hackers gain access to the Administrator account. This gives them access to the database, where they can create new Administrator accounts and then gain full control over your WordPress platform. The attack is currently only active against self-hosted versions of WordPress. To upgrade, log into your administration area, where you should see a notice to upgrade. Click this notice and choose to automatically upgrade your version. For most people it should work; just watch to see if any errors are reported.
There are two noticeable signs that your blog has been hit by this attack. First, extra characters appear after your permalinks. Second, you notice a new Administrator account you did not create. You usually will not be able to delete this account. If you see these signs in your blog, there is a good chance you have been attacked.
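
Both signs can be checked against values exported from the WordPress database. The script below is an added example, not code from the original post: it assumes the `permalink_structure` option and each user's `wp_capabilities` value (default `wp_` table prefix) have been exported, and the sample users, allowlist and tampered string are constructed.

```python
import re

# Structure tags WordPress accepts in the permalink setting.
ALLOWED_TAGS = {"%year%", "%monthnum%", "%day%", "%hour%", "%minute%",
                "%second%", "%post_id%", "%postname%", "%category%", "%author%"}
TAG = re.compile(r"%[a-z_]+%")
PLAIN_PATH = re.compile(r"^[A-Za-z0-9/_.\-]*$")
# Administrator role as stored in the PHP-serialized wp_capabilities value.
ADMIN_ROLE = re.compile(r's:13:"administrator";b:1;')


def permalink_is_clean(structure):
    """True when the structure holds only known tags and plain path text."""
    if any(tag not in ALLOWED_TAGS for tag in TAG.findall(structure)):
        return False
    # Whatever remains once the tags are removed must be ordinary path characters.
    return bool(PLAIN_PATH.match(TAG.sub("", structure)))


def unexpected_admins(users, known_admins):
    """Logins that hold the administrator role but are not on the allowlist."""
    return sorted(u["login"] for u in users
                  if ADMIN_ROLE.search(u["capabilities"])
                  and u["login"] not in known_admins)


def audit(structure, users, known_admins):
    """Report both signs described in the post as a list of findings."""
    findings = []
    if not permalink_is_clean(structure):
        findings.append("permalink structure contains unexpected characters")
    for login in unexpected_admins(users, known_admins):
        findings.append("unknown administrator account: " + login)
    return findings


# Constructed sample data standing in for a database export.
KNOWN_ADMINS = {"admin"}
SAMPLE_USERS = [
    {"login": "admin", "capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"login": "editor1", "capabilities": 'a:1:{s:6:"editor";b:1;}'},
    {"login": "wpsupport9", "capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]
CLEAN = "/%year%/%monthnum%/%postname%/"
TAMPERED = "/%year%/%monthnum%/%postname%/&{x}%"

if __name__ == "__main__":
    for finding in audit(TAMPERED, SAMPLE_USERS, KNOWN_ADMINS):
        print(finding)
```
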
If you have been attacked, the best solution is to reinstall WordPress from a backup. There is no point in trying to fix this problem right now, as there is no stated solution. If you have never created a backup of your WordPress database, then you need to do so right now. There are two plugins that allow you to back up WordPress. The first, WordPress Backup (by BTE), allows you to back up your plugins, themes, and uploads directories. You can even have these sent to you by mail every evening to ensure you have a daily backup. The second plugin, WP-DBManager, allows you to schedule a backup of your database. If you use both of these daily, you will have a complete backup solution you can use in case of attack.
Remember, updating your version of WordPress will not affect your current theme, plugins, or posts. I have read that many people are afraid to upgrade to new versions because they edit core WordPress files to achieve the functionality they desire. If this is you, ask yourself which is better: being secure and limiting your customization, or being easily attacked. If you have edited the core PHP files, you will have to re-edit them after the upgrade. Upgrade now while you can.







