WordPress v2.1.2 is a crucial security update
You should take immediate notice of the warning on your WP dashboard and do the mandatory, crucial security update from WordPress 2.1.1 to version 2.1.2 right now.
It doesn’t matter whether you upgraded to the dangerous WP version 2.1.1 by downloading directly from wordpress.org within the past 11 days or so: your files may include a security exploit that was added by a hacker, and you should upgrade all of your files to 2.1.2 immediately.
Here’s a direct quote from the WordPress blog on 02 March, 2007 detailing what transpired:
“This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code.
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.”
It also doesn’t matter if you upgraded to 2.1.1 using SVN, simply because WordPress 2.1.2 has a security fix that 2.1.1 doesn’t have. And it has several fixes that the older version 2.1 doesn’t have.
So please upgrade to WordPress 2.1.2 right now, that is, if your web host does not offer an automatic one-click cPanel WordPress upgrade via Fantastico, like mine thankfully does.
If you were waiting for Fantastico to change the one-click WordPress upgrade available from your web host’s cPanel, well, Fantastico’s version of WP is now showing at v2.1.2. Disappointingly, it took Fantastico a long 7 days to update the suspect WP 2.1.1 to the fixed 2.1.2. However, I was told they wait at least this long to make sure the updated version is stable prior to release to all web hosting services.
UPDATE: I’m so glad I took the precaution to delete the entire suspect version of v2.1.1, as Norton did identify four “back-door” type viruses in the “wp-includes” folder of my personal desktop copy of that version!
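
One way to check an installed copy against a reference copy you trust, as an added example that is not part of the original post and is not WordPress's own tooling: it hashes every file in both trees and lists files that were modified, are unexpected, or are missing. The function names, the ignore list and the sample file names are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_digests(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_trees(reference, installed, ignore=("wp-config.php", "wp-content/")):
    """Report files that differ from, or do not exist in, the reference tree.

    `ignore` lists site-specific paths that legitimately differ from a stock
    release (a trailing "/" ignores a directory). Ignored paths are NOT checked.
    """
    ref, inst = tree_digests(reference), tree_digests(installed)
    skip = lambda rel: any(rel == i or (i.endswith("/") and rel.startswith(i)) for i in ignore)
    return {
        "modified": sorted(f for f in ref.keys() & inst.keys() if ref[f] != inst[f] and not skip(f)),
        "unexpected": sorted(f for f in inst.keys() - ref.keys() if not skip(f)),
        "missing": sorted(f for f in ref.keys() - inst.keys() if not skip(f)),
    }


def demo():
    """Build two small constructed trees (hypothetical file names) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, inst = Path(tmp, "reference"), Path(tmp, "installed")
        stock = {"index.php": "<?php // stock\n", "wp-includes/a.php": "<?php // a\n",
                 "wp-includes/b.php": "<?php // b\n"}
        site = dict(stock)
        site["wp-includes/a.php"] = "<?php // a, altered\n"          # changed core file
        site["wp-includes/extra.php"] = "<?php // not in release\n"  # file the release lacks
        site["wp-config.php"] = "<?php // site settings\n"           # expected local file
        for root, files in ((ref, stock), (inst, site)):
            for rel, body in files.items():
                path = root / rel
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(body)
        return compare_trees(ref, inst)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

The result is only as trustworthy as the reference tree, so take it from a source you have verified separately from the download being checked.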
