Yesterday I learned that a worm has been attacking a number of WordPress blogs. If your blog hasn’t been attacked yet, the easiest way to prevent an attack is to update your WordPress installation to the latest version – 2.8.4.
The worm seems to be attacking older installations, infecting posts with spam and malware that gets downloaded when readers visit them.
The WordPress Blog states that this worm does not affect the current version of the blog publishing software, which is 2.8.4, but the company is strongly recommending that users running older versions upgrade immediately.
The worm registers a user and leverages a security flaw in older versions to execute code through the permalink structure. It then makes itself an administrator and uses JavaScript to hide itself when blog readers visit a page. Meanwhile it has inserted spam and malware into older posts.
The worm fails to properly clean up after itself once it has infected a page, according to WordPress, and users may notice that their links are broken – a telltale sign that the worm has visited.
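One way to check a blog for the two traces described above, a changed permalink structure and an administrator account you did not create. This is an added example, not code from WordPress or from this post; it works on values exported from the database (default `wp_` table prefix assumed), and the tag list, sample rows and account names are constructed.

```python
import re

# Export the inputs first (default "wp_" prefix assumed):
#   SELECT option_value FROM wp_options WHERE option_name = 'permalink_structure';
#   SELECT u.user_login, u.user_registered, m.meta_value
#     FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
#    WHERE m.meta_key = 'wp_capabilities';

# Structure tags a normal permalink setting is built from (assumed list for this check).
KNOWN_TAGS = ("year", "monthnum", "day", "hour", "minute", "second",
              "postname", "post_id", "category", "tag", "author")

def permalink_findings(structure):
    """Return the unexpected characters left once known tags are removed."""
    leftover = structure
    for tag in KNOWN_TAGS:
        leftover = leftover.replace(f"%{tag}%", "")
    # A clean setting leaves only path characters behind (or nothing at all).
    return sorted(set(re.findall(r"[^A-Za-z0-9/_.\-]", leftover)))

def unexpected_admins(rows, expected_logins):
    """rows: (user_login, user_registered, wp_capabilities) tuples from the export."""
    return [(login, registered) for login, registered, caps in rows
            if '"administrator"' in caps and login not in expected_logins]

# Constructed sample data, not taken from a real infection.
CLEAN = "/%year%/%monthnum%/%postname%/"
TAMPERED = "/%year%/%postname%/%{constructed-junk}%/"
SAMPLE_USERS = [
    ("site_owner", "2008-01-10 09:00:00", 'a:1:{s:13:"administrator";b:1;}'),
    ("reader42", "2009-06-01 12:00:00", 'a:1:{s:10:"subscriber";b:1;}'),
    ("newuser123", "2009-09-04 03:12:55", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    for value in (CLEAN, TAMPERED):
        bad = permalink_findings(value)
        print(value, "->", "looks normal" if not bad else f"unexpected characters {bad}")
    for login, registered in unexpected_admins(SAMPLE_USERS, {"site_owner"}):
        print(f"administrator you did not expect: {login} (registered {registered})")
```

Any finding is a reason to look closer, not proof of infection; a custom permalink setting with unusual literal text will also be flagged.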
Four things you should do to protect your blog and its data from hackers and worms:
- WordPress is pretty good about watching out for security holes and making patches for them – hence the regular updates to their blogging software. For this reason, it’s wise to update your WordPress installation shortly after a new version comes out.
- It’s also wise to make sure that all of your plugins are up to date, as they can have security holes too.
- Another way to protect your blog is to not use the standard “admin” login. Create your own unique Admin login and change your password regularly. Keep in mind that creating a complicated password with both capital and small letters as well as numbers will be harder to hack.
- Another safe practice is to back up your blog regularly. Backing up your blog is really quite easy to do, even if you’re a novice WordPress user. Just install the WordPress Database Backup plugin and you’ll be able to back up your blog’s files and tables anytime you want, and you can even schedule hourly, twice daily, daily or once weekly backups. Scheduled backups are e-mailed to you so you always have a fairly current copy of your site’s files on your computer.
My husband and I have seventeen blogs between us, so I spent several hours yesterday updating plugins and updating the blogs to version 2.8.4. At least updating is really easy now with WordPress’ one-click update. There’s no excuse not to update now – even if you do have a lot of blogs like my husband and me! Luckily our blogs weren’t too far behind and as far as I can tell haven’t been hit by this malicious worm.
Michael | care homes uk says
Thanks Tricia, I hadn’t heard about this worm. Have a few WordPress blogs that could probably do with some updating asap! So thanks for the heads up!!
fitted hats says
Making sure your WordPress software is up to date is vital to every blogger out there. Protect your investment, folks. God forbid something happens to your site and its content and puts you off the grid for a couple of days, if not weeks. It could seriously hurt your income and your traffic.
Tricia says
fitted hats, yes, you’re right – updating your blogging or website software is very important. So is keeping a backup of your data! If your site were to get hacked you could have it back up and looking like it used to within hours if you have a recent backup … if not … well, you’d have to try to hunt down your posts on feed readers, Google cache and the Wayback Machine and do a lot of work to perhaps get rid of malicious code from your site and database left there by a hacker or worm attack. Much easier to just start over with a new install, new database and then a backup to restore the old site.
JND says
This is good information. The good thing about WordPress being open source is the updates which are released. Thanks for the heads up!
Tricia says
JND, yes, I’m happy that WordPress keeps an eye on things and updates whenever there might be a security issue. It used to be a pain to update WordPress (at least for me with so many sites) but now that the one-click update works properly it’s a breeze and therefore no one should have an excuse for not updating!
Tony Lee says
I got word of this worm and the urgency to update through some forums I read.
Of all the attacks on WordPress blogs, this seemed to be the most sinister, so I quickly went to my cPanel and updated everything!
I’ll keep a closer eye on future updates as they become available and won’t procrastinate again….