WordPress Responds to Attack: “Please Upgrade”

wordpressred WordPress has responded to news today that outdated versions of the popular blogging software are vulnerable to a new attack. The attack affects only self-hosted versions of WordPress, not those at WordPress.com. The organization’s advice is simple: if you aren’t using the most recent version (2.8.4), upgrade now to avoid problems.

This isn’t really a problem with WordPress: those who have been upgrading regularly, as advised, are not affected. And WordPress has made it increasingly easy to upgrade, now just requiring a single click.

WordPress founder Matt Mullenweg writes of the vulnerability:

2.8.4, the current version of WordPress, is immune to this worm. (So was the release before this one.) If you’ve been thinking about upgrading but haven’t gotten around to it yet, now would be a really good time. If you’ve already upgraded your blogs, maybe check out the blogs of your friends or that you read and see if they need any help. A stitch in time saves nine.

…WordPress is a community of hundreds of people that read the code every day, audit it, update it, and care enough about keeping your blog safe that we do things like release updates weeks apart from each other even though it makes us look bad, because updating is going to keep your blog safe from the bad guys. I’m not clairvoyant and I can’t predict what schemes spammers, hackers, crackers, and tricksters will come up with in the future to harm your blog, but I do know for certain that as long as WordPress is around we’ll do everything in our power to make sure the software is safe. We’ve already made upgrading core and plugins a one-click procedure. If we find something broken, we’ll release a fix. Please upgrade, it’s the only way we can help each other.

Image credit: Andrew Abogado, Flickr

Reviews: Flickr, WordPress

Tags: attack, security, Wordpress