On the off chance that you haven’t heard the news yet. You should upgrade your WordPress install straight away. Don’t hesitate, do it now. Don’t pause to grab a cup of coffee. If you’re just waking up then rub the sleep from your eyes and jump to the download page and grab WordPress 2.1.2.
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
Users running from svn code aren’t affected, but then you probably already knew that already didn’t you? You should be subscribed to Hackers and Testers lists.
Don’t worry if you’re running a WordPress MU site. That isn’t affected, although you should upgrade to the latest 1.1.1 release as that fixes a number of problems with 1.0 as well as merging in some security fixes from WordPress core.
WordPress.com users have nothing to worry about.
20 Comments
Donncha (1707 comments.) on March 3, 2007 at 1:12 pm.
Even made slashdot too!
InsideOutsider (1 comments.) on March 3, 2007 at 1:38 pm.
Why can Microsoft not patch holes this quickly?!
Pingback: Gunars Blog rund um die Themen Technologie und Gesellschaft » Blog Archive » Wordpress Server gehackt und Code verändertblack hat, cracker, golem, informationen, parser, urls wordpress
Pingback: no wow
スム(1 comments.) on March 3, 2007 at 3:42 pm.
done… people is really caring about this topic.
so nice ^_^
John P. (1 comments.) on March 3, 2007 at 3:55 pm.
Even with an upgrade, delete the old files first. It will keep your blood pressure down.
Bes (1 comments.) on March 3, 2007 at 5:51 pm.
InsiderOuter – Because of Microsoft management. Microsoft is in a completely different field and dealing with way more people than WordPress, and management thinks as long as majority of the people are satisfied, it is ok to take things slow to be on the safe side.
Michael Cashman on March 3, 2007 at 6:38 pm.
how can ye let this happen?
Tim (5 comments.) on March 3, 2007 at 6:58 pm.
Hi Donnacha, maybe a stupid question but I’ll ask anyway, I upgraded to 2.1, but have not gone up to 2.1.1 yet am I still in the shit? I haven’t got access to broadband or a decent connection for another 2 weeks, downside of being on a ship, what could happen?
Cheers Tim (a worried sailor blogger)
Donncha (1707 comments.) on March 3, 2007 at 7:45 pm.
Michael – sometimes bad things happen in the world. It would be infinitely worse if we sat on it, released a new version and didn’t make a huge fuss about it. Aren’t disclosure and open source great?
Tim – the malicious code inserted into the hacked version of the zip file won’t be on your system but there were other bug fixes that made 2.1.1 a necessary upgrade.
If you can find the time, upgrade your host just in case. Can you ssh? or will you be ftping files up from your slow location? If you can ssh into your host you can wget the file from there, so it won’t matter how slow your connection is!
Tim (5 comments.) on March 3, 2007 at 7:50 pm.
Go raibh maith agat! Cheers Tim
TechZ (14 comments.) on March 3, 2007 at 10:30 pm.
I had updated a while ago, so wasn’t affected, but it was a good excuse to update anyway
I wonder who HASN’T heard so far…although I’ve seen some very old WP installs out there, I’m talking v1.xx
Pingback: ÐлекÑандр ÐœÑкаль
Pingback: 精神奕奕
Pingback: Peekaboo » Blog Archive » I wasn’t an early adopter this time. :)
Valehru (1 comments.) on March 4, 2007 at 6:00 am.
This only concerns the users who downloaded 2.1.1 from the website in the past few days. The code was inserted about 4-5 days ago so if you downloaded it before that you should not be affected. Anyhow better safe than sorry so you should download and install asap.
Pingback: La Bitácora del Tigre · Urgente: actualización de WordPress a la versión 2.1.2
Pingback: La Bitácora del Tigre · 300
Talina (1 comments.) on March 5, 2007 at 5:48 am.
Good to know! I’ll upgrade now, oh and can you tell me where I can download your theme??
Pingback: WordPress 2.1.2 Emergency Upgrade Released at Andrew Wee | Blogging | Affiliate Marketing | Social Traffic Generation | Internet Marketing