winworld’s posterous


Wordpress Attack Underway, Wordpress blogs must be upgraded to 2.8.4

There is a major attack on older versions of WordPress blogs right now, and the number of sites hit by it is growing every hour. Users of WordPress.com hosted blogs are not affected.

How to prevent the attack

If your site has not been attacked yet, the best solution is to update your WordPress site immediately to the latest version. Please download the latest WordPress from here.

This critical warning comes from Lorelle on Wordpress.

There are two clues that your WordPress site has been attacked.

The first clue is strange additions to the pretty permalinks, such as

example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/

The keywords to look for are “eval” and “base64_decode”.

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
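As an added example that is not part of the original post, here is a small Python script a site owner could run over a list of their permalinks and their user list to check for the two clues above. The sample permalinks, the user list and the login name administrator2 are constructed for illustration.

```python
# Added example (not from the original post): a defender-side check for the two
# clues described above. It percent-decodes a list of permalinks and flags any
# that contain the eval/base64_decode pattern, and it compares the site's user
# list against the administrator accounts you actually created.
import re
from urllib.parse import unquote

# Matches the decoded form of the injected permalink quoted in the post, i.e.
# "eval(base64_decode(" with optional whitespace.
INJECTED_PATTERN = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)

def is_injected_permalink(url: str) -> bool:
    """True if the permalink (percent-encoded or not) carries the eval/base64_decode clue."""
    decoded = unquote(url)
    # Decode a second time in case the indicator was percent-encoded twice.
    decoded = unquote(decoded)
    return bool(INJECTED_PATTERN.search(decoded))

def find_injected_permalinks(urls):
    """Return the subset of permalinks that show the injection clue."""
    return [u for u in urls if is_injected_permalink(u)]

def find_unexpected_admins(users, expected_admin_logins):
    """Return administrator accounts that are not among the logins you created.

    `users` is an iterable of (login, display_name, role) tuples, as read off
    the Users screen or out of a database export.
    """
    expected = {login.lower() for login in expected_admin_logins}
    return [
        (login, display_name)
        for login, display_name, role in users
        if role == "administrator" and login.lower() not in expected
    ]

# Constructed sample data: one clean permalink, the injected one from the post,
# and a user list containing a hidden "Administrator (2)" back-door account.
SAMPLE_PERMALINKS = [
    "http://example.com/category/post-title/",
    "http://example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
]
SAMPLE_USERS = [
    ("admin", "Site Owner", "administrator"),
    ("editor", "Staff Editor", "editor"),
    ("administrator2", "Administrator (2)", "administrator"),  # constructed login
]

if __name__ == "__main__":
    print(find_injected_permalinks(SAMPLE_PERMALINKS))
    print(find_unexpected_admins(SAMPLE_USERS, ["admin"]))
```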

If your WordPress blog has been attacked

This attack is critical: it modifies the database itself, going very deep. Exporting your database doesn't help at all.

Here are the steps to take if your blog has been affected:

  1. Export all your content with the built-in XML WordPress export.
  2. Back up all your images, CSS, JavaScript and general files (everything within your themes folder).
  3. Install the latest version of WordPress on a new database (don't re-install on your old database; the hack code will be there).
  4. Add the “clean” backup of your WordPress theme.
  5. Re-import your XML exported content (it will contain your posts, Pages, and comments).

WordPress also now has an excellent team tracking down this issue and quickly protecting WordPress with any necessary updates. For those affected: the WordPress community is there to help.

Please blog and tweet about the attacks. It’s important that we spread the information throughout the WordPress community as fast as possible, encouraging everyone to update WordPress.
