Have you been the Victim of a WordPress Exploit?
Today we were made aware of a WordPress exploit affecting all versions before 2.8.4 (the latest version, available since 5th September 2009). WordPress has identified a number of hackers that are able to access sites that aren’t using the most current version. The advice given is to upgrade your version of WordPress immediately in order to stay protected. If you have a later version of WordPress, you can use the ‘automatic upgrade’ feature. Older versions require you to download the latest package, extract it and upload it to your server via FTP software.
If you have already been hacked, unfortunately, this could mean you or your web agency have some work to do to resolve the issue. Mashable.com have reported that you have to export all of your content as XML using the built-in feature, followed by deleting and re-installing WordPress on your server. Doing this is the only way to get rid of the hackers’ code, because if you export the database, you will export the code too. Apparently, this isn’t a difficult task (although I have never tried it before) but it can be a very time-consuming process if you have a lot of content on your site.
If anyone is having any issues with their blog or WordPress site, then I recommend speaking to your hosting provider to see if they can offer assistance. If not, contact Falkon Digital as we will be able to help.
–UPDATE– 9th September 2009
Some more information to help you find out if your blog has been affected:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as:
The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.