WordPress under attack, upgrade your blog now

If you’re running a self-hosted WordPress blog that isn’t up-to-date (version 2.8.4), you’re advised to upgrade immediately to the latest version of the software to avoid an ongoing attack. Users of WordPress.com hosted blogs are not affected.

Several sites are reporting that a major attack on WordPress blogs started few days back. The latest version of WordPress, 2.8.4, is not vulnerable to this particular worm, so upgrading now could save you a lot of headaches. The worm creates a new, hidden administrator account on your blog, allowing whoever’s behind this thing to access the guts of your blog, databases and all.

How do you know if your site has been affected? Lorelle on WordPress offers two possible ways to find out:

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.

WordPress has acknowledged the attacks and encouraged users to upgrade their sites. WordPress.com users aren’t affected, as the whole system has already been updated to 2.8.4. If you’ve already been afflicted by the attack, start on the steps in WordPress’ FAQ.