WordPress 2.1.1 is Dangerous, Upgrade Now!

ADVERTISEMENTS

If you upgraded to WordPress 2.1.1 in the past 3-4 days, download the new version (2.1.2) and update your blog again because your files may include a security exploit that was added by a cracker!

Only WordPress 2.1.1 seems to have been affected, so if you have not upgraded to WordPress 2.1.1 you should be fine. If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files.

For further details check out the WordPress blog.

banner

Search JohnTP.com or view a random post

To receive this blogs articles for FREE on your email inbox, just enter your email address below and click 'Go':

Enter your email address: or .

Find out what I am doing currently by .

31 responses so far,

  1. 1

    Ryan

    March 3, 2007 at 11:46 am

    This is pretty scary, and I can only hope everyone that has a version with the hole in it upgrades.

    I can only imagine what kind of black eye Wordpress would get if a major site was hacked due to the exploit.

  2. 2

    Thilak

    March 3, 2007 at 12:17 pm

    Yeah, Something like this shouldn’t keep happening at wordpress

  3. 3

    Garry

    March 3, 2007 at 12:30 pm

    Wordpress Will Always Be Under Attack
    Everyday blogging increases in popularity and with this comes a reason for hackers to try to crack Wordpress and other blog publishing programs and applications. This is something we all need to come to terms with. Especially if you are a Wordpress blogger. My suggestion would be to subscribe to the Wordpress.org blog feed and or always pay attention to the feed listing in your WP-Admin Dashboard, or Read about it here on JohnTP.com.
    I am an old-school mid 90’s web guy. And back in my day (I am acting like I am old here! lol!) you didn’t have too many issues of this particular nature. Especially when it came to Weblogs. During this time, most weblogs were flat static HTML pages written in NOTEPAD.EXE or if you were cool, you had FrontPage or DreamWeaver.
    One of the main things I don’t like about Wordpress.org is the fact that all the posts, and “what they call static pages” aren’t really static at all. They are all dynamic and don’t physically exist on your server as they appear in your URL in your web browser. And to me, that is scary. Yes, I do back up my work… no I don’t use the Wordpress back up plugin… I use back up tool in WHM or Cpanel. But still, even aside from your site getting hacked… using dynamic pages makes it difficult when you want to make permalink structure updates. Basically, with a click of a button you can change the entire permalink structure of your site… which is nice… but all your posts and pages that have been indexed in Google are gone! There may or may not be a plugin that actually writes static html pages to your server in Wordpress… but in my opinion, I think major changes need to happen to prevent these security problems in Wordpress.
    I am far from a programmer, or even a hacker for that matter… but there are many instances where Blogger.com blogs are more secure than Wordpress blogs… one simple reason is the fact that Blogger.com writes static html pages and is less driven on MySQL databases.
    Closely Investigate Plugins Before You Install
    From just a common guy, that is about the only thing I can suggest to you. Investigate and research plugins before you install them because they can make your Wordpress install unsecured and vulnerable. From what I understand Wordpress itself is pretty secure, but when you go mixing in a million and one plugins you can get conflicts and actually create many holes into the system.

  4. 4

    Thilak

    March 3, 2007 at 1:00 pm

    Yeah Garry, They aren’t physically static, but the appear somewhat static to search bots.

  5. 5

    Sodhi

    March 3, 2007 at 2:18 pm

    Holy cow !!

    I hate to mess around with template again.

  6. 6

    Sharique

    March 3, 2007 at 2:28 pm

    I thought wordpress is at least safe, being open source. Damn this hackers are always one step ahead! WP should seriously look into a way to ease out the upgrade process or else its a big pain to upgrade.

  7. 7

    lyndonmaxewell

    March 3, 2007 at 2:49 pm

    I got hacked as a result yesterday. Could it be linked to the above? I had to reinstall wordpress again. Luckily I had my backups.

  8. 8

    Mr.Byte

    March 3, 2007 at 4:03 pm

    Apart from the frequent updates of Wordpress this hackers have increased the update frequency to another level

  9. 9

    lyndonmaxewell

    March 3, 2007 at 4:10 pm

    I agree. Open-source, or non open-source, hackers will still find a way to create mischief and fulfill their ‘enjoyment’ doing so.

  10. 10

    Thilak

    March 3, 2007 at 6:02 pm

    lyndonmaxewell: The hacker just did his job three four days ago, when did you upgrade?

    Sodhi: Why template? You just have to replace core wordpress files

  11. 11

    wildbluff_matt

    March 3, 2007 at 6:20 pm

    Arrggh. Headache. I guess that’s what I’ll be doing this morning…

  12. 12

    lyndonmaxewell

    March 3, 2007 at 7:40 pm

    @ Thalik yesterday or so i guess. and i am not kidding as i kept the picture of the hacked attempt on my site.

  13. 13

    chatca

    March 3, 2007 at 8:30 pm

    i just install wordpress 2.1.1 three or four days ago, and post many articles. if i upgrade to 2.1.2 what happen with my post?

  14. 14

    Mr.Byte

    March 3, 2007 at 9:34 pm

    , I dont think your posts will be affected. You can take a backup of your contents before upgrading, so that you reduce your chance of losing your contents. If you don’t know hoe to take a backup, check out my article on how to export and import.

  15. 15

    chatca

    March 3, 2007 at 9:49 pm

    thanks mr.byte
    now upgrade in progress, hopely everything is ok.
    real estate

  16. 16

    Ryan

    March 3, 2007 at 10:10 pm

    : you should check out John’s post a few days ago about a plugin to use when updating your permalink structure!

  17. 17

    lyndonmaxewell

    March 3, 2007 at 11:02 pm

    @ chatca
    I would suggest that you read this, perhaps in future.
    http://codex.wordpress.org/Upg.....structions

  18. 18

    Sodhi

    March 4, 2007 at 11:30 am

    “, I dont think your posts will be affected.”

    Nothing happened to my posts.

  19. 19

    Ashish Mohta

    March 5, 2007 at 7:09 pm

    : They just found one who knows there are more.Soon you might here there is another hack in 2.1.2.Better replace everything and its easy

  20. 20

    Ashish Mohta

    March 5, 2007 at 7:11 pm

    …: We would like to see it for sure.Would u mind sharing it?

  21. 21

    Ashish Mohta

    March 5, 2007 at 7:12 pm

    Posts will never be affected unless you do something too stupid.And if you have the backup go for a clean one.Its easy

  22. 22

    Mr.Byte

    March 5, 2007 at 7:53 pm

    How about the upgrade using fantastico? Do you think its safe from these hackers and crackers?

  23. 23

    Ashish Mohta

    March 5, 2007 at 7:57 pm

    : Madhur upgraded yesterday using that.Guess he will be telling u more easy.I have heard its good.But then again I like manual

  24. 24

    lyndonmaxewell

    March 5, 2007 at 8:19 pm

    @ Ashish The hacked attempt? Its on an article which I wrote on 3rd Mar.

  25. 25

    lyndonmaxewell

    March 5, 2007 at 8:22 pm

    @ Mr.Byte Manual is the safest. For your info, I installed the hacked version using Fantastico.

  26. 26

    Thilak

    March 5, 2007 at 8:25 pm

    Ashish: Did it already :P

  27. 27

    Mr.Byte

    March 5, 2007 at 11:04 pm

    , Oh is it? Then I should going for a manual update, but fantastico is the simplest as it happens in a click of a button :-)

  28. 28

    Ashish Mohta

    March 5, 2007 at 11:06 pm

    It depends, If you know really what you are doing its good but understand the folder structure first where is what

  29. 29

    lyndonmaxewell

    March 5, 2007 at 11:20 pm

    @ Mr.Byte The site that I had mentioned from wordpress from above may be of help, for manual.

    @ Ashish The web link for my ‘hacked’ story, for sharing.
    http://esplanade.sg/2007/03/03/i-got-hacked/

  30. 30

    antrs

    March 12, 2007 at 9:40 pm

    i has upgrade my blog that using wordpress 2.1.1 to wordpress 2.1.2, and upgrade is very easy

  31. 31

    Runa

    March 12, 2007 at 10:55 pm

    That’s true, I found two blogs that had intrusion-matters with the previous version of WP.



    Copyright ©2005-2008 JohnTP, All rights reserved.