You Need To Upgrade Your WordPress Blog

If you have a WordPress blog older than version 2.8.3 then it is at risk of being hacked. There has been a lot of buzz within the WordPress and blogging community over the past few days about the number of WordPress blogs hacked by an attack on the database.

I normally don’t jump on the next version of WordPress until I see what all the buzz is about and make sure it’s stable. As I stated in a previous post, Another Security Release WordPress 2.8.4, about the version 2.8.3 vulnerabilities, I can’t stress it more. It seems that quite a few prominent WordPress blogs were hacked this past weekend. The hack takes the form of a worm that attacks the database, and once a site is infected, an upgrade, which only overwrites the core files, will not remove the worm. The only way to remove the virus is to remove it from the infected database.

The signs of an infected WordPress site are a new unauthorized administrator user account or strange additions to the trailing end of the permalinks. To check your WordPress blog, go to Users in the dashboard and make sure there aren’t any administrators you haven’t authorized. Then view a single post and check the permalink in the browser address bar.
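The same two checks can be run against the database itself, which is where the post says the infection lives. The following is an added example, not code from the original post: it assumes the default `wp_` table prefix, uses an in-memory SQLite database with constructed rows as a stand-in for the blog's MySQL database, and the function names are hypothetical.

```python
import re
import sqlite3

# Structure tags WordPress accepts in a permalink structure.
KNOWN_TAGS = ("%year%", "%monthnum%", "%day%", "%hour%", "%minute%", "%second%",
              "%postname%", "%post_id%", "%category%", "%tag%", "%author%")

# Roles live in wp_usermeta as a serialized PHP array under wp_capabilities.
ADMIN_SQL = """
SELECT u.user_login FROM wp_users u
JOIN wp_usermeta m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%administrator%'
ORDER BY u.user_login"""

def unauthorized_admins(db, authorized):
    """Administrator logins in the database that are not on your own list."""
    return [login for (login,) in db.execute(ADMIN_SQL) if login not in authorized]

def permalink_residue(db):
    """Characters left in permalink_structure after removing known tags and
    ordinary path characters. An empty string means nothing unexpected."""
    row = db.execute("SELECT option_value FROM wp_options "
                     "WHERE option_name = 'permalink_structure'").fetchone()
    value = row[0] if row else ""
    for tag in KNOWN_TAGS:
        value = value.replace(tag, "")
    return re.sub(r"[A-Za-z0-9/_.-]", "", value)

def build_sample_db(permalink):
    """Constructed sample data in SQLite, standing in for the blog's MySQL database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);""")
    db.executemany("INSERT INTO wp_users VALUES (?, ?)",
                   [(1, "site_owner"), (2, "constructed_unknown_admin"), (3, "reader")])
    admin, sub = 'a:1:{s:13:"administrator";b:1;}', 'a:1:{s:10:"subscriber";b:1;}'
    db.executemany("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)",
                   [(1, admin), (2, admin), (3, sub)])
    db.execute("INSERT INTO wp_options VALUES ('permalink_structure', ?)", (permalink,))
    return db

if __name__ == "__main__":
    db = build_sample_db("/%year%/%postname%/<constructed-unexpected-suffix>")
    print("unexpected admins:", unauthorized_admins(db, {"site_owner"}))
    print("permalink residue:", repr(permalink_residue(db)))
```

Any administrator not on your own list, or any non-empty residue, is a reason to inspect the database by hand before trusting the site again.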

If you have been hacked or want to learn more, Lorelle has a great post on her WordPress site here: Old WordPress Versions Under Attack

Comments

This recommended update I caught on Twitter as well. Upgrade and secure your admin directory through htaccess as well – can never be too safe!

Reply

I guess I really need to update my blog. Thanks for such an informative post.

Reply

I have already upgraded to 2.8.4. It’s really helpful. So user friendly as well.

Reply

Couple other tips. Don’t post your version on your site. If it’s old it’s like announcing you want to be attacked. Also, one thing that helps me out is by stopping the bots. Get a plugin like Sabre.

Reply

It’s really scary if somebody just took over your WordPress and changed all the information and data that you hardly wrote from a long time. Well all of us should update our WordPress 2.8.4 right away before the unwanted scenario happens.

Reply

Thanks Jeff, I appreciate you posting this warning to wordpress users. I hadn’t updated to the latest version of wordpress, but I have done so now due to your recommendation.

Reply

Most of hacked WP sites were at database level, which is one of the worst hacks ever. good job wordpress !!!!!!!!!!!!

Reply

Hey Jeff, I usually build websites in old fashioned way even though I like wordpress a lot, and how powerful and useful it has become in the blogging community. But again, the scary part is that you always have chances of getting hacked. I guess we have to keep an eye on updating our blogs regularly, and look out on the tips that you have mentioned in your post. Overall, informative and helpful entry. Thanks a bunch!

Reply

It’s been interesting seeing the many opinions (both good and bad) towards WordPress for not notifying users sooner about these hacks. It seems the community has done well though in making sure everyone remembers to upgrade against these hacks. Thanks for sharing!

Reply

Thanks a lot for clarifying that. In my company we use some really old WP blogs and haven’t taken the time to upgrade them, since we thought it wasn’t all that important. Now I think different.

Reply

In my point of view it is very good to try out the new things but before upgrading our valuable wordpress we should try that on a lower level by a trial blog upgrade & if there is not any fault in that then it is very good for us to upgrade our main blog!

Reply

While I think it is advisable to wait to upgrade WordPress with a new major release, like 2.7 to 2.8. But in cases like this, 2.8.3 to 2.8.4, for security I suggest to do it right away.

Reply

It is a smart move to test the water first before you dive in. This hack, is it a worm already included in the application? That is a bad word not just for the site or blog but for the computer as well. Thank you for this information. It will serve as a warning as well for all of us.

Reply

This serves as a warning to all WP users of older version. It’s very disappointing that all your hard work in building your own WP site will put into waste.

Reply

Upgrading WordPress is very important to do, but most special plugins just do not work in the new WordPress. I still use 2.7.1 for now.

Reply

You’re absolutely right, in the previous versions there are bugs also, and upgrading is the best way to keep safe from attacks.

Reply

normally don’t jump on the next version of WordPress until I see what all the buzz is about and make sure its stable.

Reply

It’s really time to update it because I didn’t do it for a long time. In the previous version there were a lot of bugs also.

Reply

Anyone who hasn’t upgraded yet – do so now. My site was hacked and they made changes to all of the php files. Luckily the database wasn’t affected, and I had backups of everything but it could have been a lot worse.

Reply

Thanks a lot for sharing this information. Coz’ I don’t know to update my WordPress blog.

Reply

It is really the need of the hour…. I have seen many such updates several times now of. I am really happy to tell that I have just upgraded my blogs to the latest version and now everything is really set for its promotion.

Reply

Ok. So I have 20 blogs or so and rarely upgrade the WP version unless it’s a major update. For example the 2.7 was a big change with the interface. Since you’ve given details of exactly what could go wrong, I’m going through my webhosting account right now and upgrading all my blogs.

I’d hate for this to happen to me.

Reply

I use wp 2.8 on my website.. no big change but it’s acceptable

Reply

I’ve heard this in many forums about wordpress users. indeed, it is highly recommended given the risk.

Reply

It’s useful information.. but is it working for all plugins?

Thank you

Reply

Jeff  Replied:

There is no way of knowing if any version of WordPress will work with all plugins until you upgrade. Then the fun starts tracking down and fixing any issues that plugins may create.

Reply

If you have a WordPress blog older than version 2.8.3 then it is at risk of being hacked. There has been a lot of buzz within the WordPress and blogging community the past few days about the number of hacked WordPress blogs that attacks the database.

Really? I’m glad to hear about the warning. Thanks a lot.

I normally don’t jump on the next version of WordPress until I see what all the buzz is about and make sure its stable.

So, is the new version stable? Is it okay to get this version?

Reply

Did you read the post? “I normally don’t jump on the next version of WordPress until I see what all the buzz is about and make sure its stable.”

Usually the small incremental upgrades, like 2.8.3 to 2.8.4, don’t have major changes and thus no major issues. When they go to like 2.7 to 2.8 then be careful.

Reply

That’s great, I never thought about Upgrade Your WordPress like that before.

Reply

Great! Thanks for the post. I will update my WP blog as soon as possible.

Reply

I haven’t updated WordPress because some of my plugins aren’t compatible with the 2.8. But I think this will make me do it anyway and maybe change those plugins to other, compatible, alternatives.

I hate when this happens!
Thanks Jeff for the warning!

Reply

Hi Jeff

Thanks for the update about wordpress. But I have a couple of questions. What happens when you go from an older version to a new version in terms of your data/articles?

Have you found that your website is fine after the upgrade or do you have to do some tweaking?

Thank you

Darrell

Reply

The data remains, or at least it should. That is why you should always backup first.

New versions can cause multiple issues mostly with plugins and some plugin-dependent themes.

Reply

I am still running blogs on 2.7 due to some weird problem with a server, whenever I update to 2.8 the editor does not work at all, same as the admin links. 2.8 works fine on other hosting accounts we have and am at a loss of what it would be. The same server that cannot use 2.8 also has issues with installing the sample data during a Joomla install, really have run out of ideas at what could be causing it.

Reply

Ok I think I get it :-) I use WP 2.8.1 and after your article I do not feel very safe – so I will update my blog! Thank you for the warning.

Reply

I just updated to 2.8.3 for security reasons, plus I’d noticed some display errors so I thought it’d be a good idea. I backed up the database and relevant files in the process just in case too. Actual update took 10 seconds, but the backup 58 minutes (still pretty good) and I documented the entire process and posted a pictorial guide on my blog for anyone wanting a step by step account of how to do it.

Reply

Hey Jeff,

I’m fairly new to wordpress and started out with the latest version so I don’t have to worry about the older exploits I’ve been reading about. I would, however, like to know how hard the upgrade process is. I want to stay protected but don’t want to lose all the hard work I put into my blog when the time to upgrade comes. Thanks for your quick reply on my other post.

Jack

Reply

Jeff,

I’ve suffered from this kind of phishing attack; my blog was hacked, like all posts were deleted, but to my good luck, I’ve been taking backups of all my blog posts and comments. I think for securing your site from this kind of attack, don’t store your password in FTP client software and make your password strong with a combination of alpha, numeric and special characters. It will help you a lot.

Reply

Whoa! Never thought something like that. I haven’t got a chance to upgrade my WP. Hm, gotta do it asap…or now. Are the hackers attacking the database or what?

Reply

Upgraded it and the day after the 2.8.5 was released with more security improvements. Evil! :P

Reply

Yes it is very much needed to upgrade your WP blogs to new versions. As there have been quite a lot blogs which are of old versions. By your post i am sure that many people will definitely realize that it is high time to upgrade.

Reply

Thanks for the information, didn’t know your blog can be vulnerable if you don’t upgrade.

Reply

I have a bunch of old blogs that I have forgotten the password to. I can’t for the life of me remember the exact version number but I hope they aren’t vulnerable

Reply

Yes, upgrading only takes 1 min if you go download the automatic WordPress upgrade plugin. It’s so easy to use. Just click click click click then it’s done.

Reply

Jeff  Replied:

You don’t need the plugin anymore, it’s part of WordPress now.

Reply

Really a great and helpful insight. All WP users should upgrade for security sake, including me :)

Reply

It was really risky that the old WP blog has such a weak point. Undeniable Google’s blogspot has done much better than WP in this area, though its functionalities are really limited.. just my two cents..

Reply

On one of my blogs is a much older version and nothing happened, but still might want to update, but it may be the problem.

Thank you!

Reply

Any blog is always in danger of being hacked. No code is 100% safe. Though, upgrading is always a good idea.

Reply

Thanks for warning. Now I’m going to update my WP. Thanks God I wasn’t hacked.

Reply

Can i update via handphone?

Reply

Jeff  Replied:

I don’t know. Why not try instead of asking me?

Reply
