Attention WordPressers

March 28, 2008 in Blogging, problems | 24 comments

Take it from somebody who lost at least one whole blog entirely from the consequences not upgrading WordPress: Upgrading your installation or patch is essential. So read this from Ian Kallen.

Also what he added by IM yesterday:

  What’s happening is: spammers are taking over blogs, posting link farm links on them, obscuring their human visibility with CSS tricks but the links are still visible to crawlers…

  All wordpress users that haven’t patched or upgraded to v2.3.3 are vulnerable.

  WordPress does not auto-update security fixes.

  …Any help you can provide getting the word out would be a mitzvah

I added the last link. 🙂

24 comments

  1. Boring Site Note: Just Upgraded to WordPress 2.3.3’s avatar

    Boring Site Note: Just Upgraded to WordPress 2.3.3 on March 28, 2008 at 2:54 pm

    […] did so after reading this scary post from Doc. So if you notice any wacky behaviour around here, please leave a comment or send me an […]

  2. PXLated’s avatar

    PXLated on March 28, 2008 at 3:15 pm

    That’s one reason I stay away from WordPress, too many security problems and updating is a royal pain if you use a lot of plugins, etc.
    See here – http://secunia.com/search/?search=Wordpress&w=0

  3. Derek K. Miller’s avatar

    Derek K. Miller on March 28, 2008 at 4:33 pm

    Note that if you don’t want to do the whole upgrade rigamarole and want to fix the problem fast, you can download and replace only the xmlrpc.php file. I’ve done it on several WP blogs and none have been compromised:

    http://wordpress.org/development/2008/02/wordpress-233/

  4. dave’s avatar

    dave on March 28, 2008 at 6:15 pm

    you will really love 2.5 when it’s ready, though you can likely upgrade to the RC now…admin totally improved, security enhanced further..

  5. rob friedman’s avatar

    rob friedman on March 29, 2008 at 4:13 am

    With the new WordPress 2.5 RC’s there is a new automatic plugin upgrade feature, making plugin upgrades simple.
    The only hard part is upgrading the WordPress itself, but even that is trivial if you use the subversion method.

    When 2.5 goes final it should be interesting.

  6. Doug’s avatar

    Doug on March 29, 2008 at 9:44 am

    There is also the auto upgrade plugin which makes life easy, http://wordpress.org/extend/plugins/wordpress-automatic-upgrade/

  7. Wordpress 2.5 har släppts i skarp version! | KATTKORGEN’s avatar

    Wordpress 2.5 har släppts i skarp version! | KATTKORGEN on March 29, 2008 at 8:13 pm

    […] också Doc Searles blog om varför man skall uppdatera (på engelska). Den här listan är inte komplett och vi har inte […]

  8. REBLogGirl’s avatar

    REBLogGirl on March 29, 2008 at 10:40 pm

    I have to agree with PXLated. WP is just too insecure. Matt and his crew just write bad code and bod code leads to one thing… security issues. I’m sure there are still security holes in the new version as well having seen enough of their code in the past- remember this is the same guy that thinks PHP5 is BAD and IRRELEVANT.

  9. AZ of Mattress Toppers’s avatar

    AZ of Mattress Toppers on March 30, 2008 at 3:10 am

    i upgraded to the latest version just a week ago.

    Thanks for the info

  10. Hello Mary Lu » Blog Archive » Technology News: Change is Never Easy’s avatar

    Hello Mary Lu » Blog Archive » Technology News: Change is Never Easy on March 30, 2008 at 8:48 am

    […] WordPress has announced WordPress 2.5, the culmination of six months of work by the WordPress community. With this change comes a number of serious upgrades to their software. The new version is wonderful and makes writing easier. Only problem is that the upgrade and all the under side applications require hours of work. […]

  11. Doc Searls’s avatar

    Doc Searls on March 30, 2008 at 7:44 pm

    REBLogGirl, are Matt & crew the only ones writing WordPress? Last I looked it was an open source project.

  12. kyle’s avatar

    kyle on March 31, 2008 at 4:11 am

    I’m confused. Does this apply to wordpress blogs installed on a separate domain, or hosted on wordpress.com, or both? Thanks.

  13. Ron of Somali Web Design’s avatar

    Ron of Somali Web Design on March 31, 2008 at 12:41 pm

    Kyle, This only applies for wordpress blogs installed on a separate domains.

    FYI, all new version of WordPress 2.5 has been released containing many new features.

  14. Life is grand » Blog Archive » Hacked’s avatar

    Life is grand » Blog Archive » Hacked on March 31, 2008 at 7:59 pm

    […] [Update]Right, used a built-in theme so at least it looks OK. Probably get hacked pretty soon again though. Need to upgrade to 2.5.[/Update] [Update2]Doc Searl’s mentions the hack[/Update] […]

  15. Christopher Myers’s avatar

    Christopher Myers on April 2, 2008 at 10:45 pm

    Thanks for the clarification between separate domains and wordpress.com hosted.

  16. robin Sing’s avatar

    robin Sing on May 2, 2008 at 11:50 pm

    I have been afraid to upgrade but after reading this I guess it’s really nothing to worry about.

  17. Barry Cunningham’s avatar

    Barry Cunningham on May 2, 2008 at 11:51 pm

    I understand that it is open source and I also understand REBloggirl’s point, ..but can’t there be a concerted effort to close the bad links in the chain?

  18. Hunter Jackson’s avatar

    Hunter Jackson on June 10, 2008 at 8:53 am

    Barry,
    I would think that it would be to the best of everyone to close off the bad links in the chain. I feel upgrading wordpress initially is just like a new Windows SP.

  19. John Sabia’s avatar

    John Sabia on December 11, 2008 at 10:07 am

    Glad I stumbled here – I have not upgraded but will do so now.

  20. Scranton Web Design’s avatar

    Scranton Web Design on February 16, 2009 at 4:50 pm

    That was a great post, I really enjoyed it. I will have to bookmark your site so I can come back later.

  21. Mike’s avatar

    Mike on May 18, 2009 at 11:29 pm

    It’s also a good idea to backup your blog’s database so that it can be restored in case of getting hacked, a crash, whatever.

  22. West Palm Beach SEO’s avatar

    West Palm Beach SEO on August 27, 2009 at 2:23 pm

    Upgrading your WP blog is a simple one button install, but in some instances the accompanying plugins will also require update. It’s always best practice to first backup either internally via WP or through your hosting account (via cpanel for example).

  23. Robin’s avatar

    Robin on December 22, 2009 at 8:41 pm

    WordPress just came out with another version. Hopefully this upgrade will make the problems that many have experienced rendered moot.

  24. Lenny’s avatar

    Lenny on January 9, 2010 at 1:46 am

    I am finding that WordPress is doing all they can to keep one step ahead of the idiots out there. But of course one should indeed back up regularly especially if you are posting a lot of content. Better safe than sorry for sure.

Comments are now closed.