While it is always important to keep your WordPress software current, this past summer saw a barrage of updates and security issues. Like any Internet-based application, WordPress is no stranger to security issues. In fact, back in 2007, this article, Wordpress Version 2.2 Hack Warning, was posted on Blogging Tips.
WordPress 2.8 was released on June 10th, and by August 12th version 2.8.4 was released, for a total of 5 updates in 60 days – an unprecedented pace for WordPress releases. These security issues were major enough to demand immediate new releases. For example, version 2.8.4 was released because:
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.
There are any number of worms on the Internet looking for older instances of WordPress. Where worms were once limited to childish things like defacing your site, the new worms are looking to take over blogs for search-engine optimization (SEO) of other sites they control, traffic-redirection and other inappropriate purposes. For more than a month, as worm attacks have raged, version 2.8.4 has stood tall as a safe defense.
Upgrading is a known quantity of work, and one that the WordPress community has tried to make as easy as possible with one-click upgrades. Fixing a hacked site, recovering Google placement after your site gets removed from Google for having spam and malware on it, and recovering lost users – those projects are way harder than the occasional WordPress upgrade. If you ever find that your site has been attacked, you can find help in the WordPress Codex article on how to deal with a hacked WordPress site.
If you are using a WordPress version after 2.7, the nag screen on the WordPress Administration Panels will alert you to upgrade. If you don’t see the nag screen, then you are using an older version and you should be updating now! As the WordPress Blog recently said, “Please upgrade, it’s the only way we can help each other” and keep the WordPress community as strong as ever.