September 06, 2009

WordPress Attack Underway

Wordpressred So here we go again. From the WordPress.org blog:

Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.

Granted, if you have already upgraded your WordPress installation to 2.8.4 you are protected.  Chances you you haven't.  I'm not scolding you, I'm commiserating. You have a business to run.  Receivables, Payables, Payroll.  Not to mention working your tail off to produce your company's product or service. 

You have important things to do. Keeping your blog's software up-to-date to insure that the latest security holes have been plugged should not have to be one of them.

Wordpress' overly-simplistic answer is:

the WordPress community has tried its darndest to make as easy as possible with one-click upgrades.

The problem is that in my experience the one-click upgrade seldom executes flawlessly.  In fact, here's a lovely little snippet from the Upgrading Wordpress page:

if you run into problems Upgrading WordPress with the three Steps described here, you need to revert to your old version first before using the more detailed upgrade instructions (ie. restore the backup made in step 0). Even though you might not run into any errors with this process right away, you might run into problems later down the line. Then it may not be possible to revert far enough back to fix the problem without losing any recent changes. So 

If you use Plugins and Themes other than the ones that come with the default WordPress installation, it is advisable to start over with the more detailed upgrade instructions.

Isn't that just dandy?

So when people ask me why I I am so passionate about TypePad as the best platform for your business blog, This is why.  Or at least one of the big reasons why.  If you have a Typepad blog then all this stuff is taken care of for you. No worries.  Just blog.

Sep 6, 2009 8:47:18 AM | Technical Tips, WordPress Tips

The comments to this entry are closed.

NEXT POST
The Alexander K Group Karroll K Alexander, founder of The Alexander K Group hosts these really powerful workshops for public speakers. It was turning into a real pain to have to work though his 'web guy' every time he added a new workshop date....
PREVIOUS POST
Win a Copy of 'Ignore Everybody' by Hugh MacLeod At some point in the next few days I will have my 2000th follower on Twitter. I've decided to use that event as an excuse to hold a contest. Leave a comment on this blog containing your best guess as...

Dave Barnhart

Thought-leader in leveraging social media for small businesses growth, gourmet chef, Typepad Guru.

Ginevra
Steven Mintz
The Typepad Team

Search

Become a Fan

My Other Accounts

Recent Comments