Welcome to ContentManagementNews
Keeping Your Content Management System Updated

By Dan Morrill
Expert Author
Article Date: 2009-09-08

If you do nothing else today, update your WordPress installation. Hackers have been busy coming up with a new WordPress hack that is making the rounds this week. While WordPress hacks are nothing new, Lorelle on WordPress says that this attack is going to be bad, and is bad right now.

The attack showed up about three days ago, and the WordPress engineers are busy trying to work out how to help people recover data, but this looks like it goes deep into the database, making the entire WordPress installation a malware serving platform. WordPress hacks are nothing new: Robert Scoble was hacked a month back, and even Techwag has been taken out at least once because of a major WordPress hack.

Updates are much easier under the 2.8.X model: click a button, go through the upgrade, no worries. It is not like it used to be, with FTP'ing files all over the internet and the rest of the pain you used to have to go through. Using the WordPress backup plug-in for your database in case things do go wrong is also super easy. There really is no reason not to upgrade at this point, unless you want your WordPress installation to become a malware serving point of entry for unsuspecting visitors.

Lorelle recommends:

1. UPDATE NOW! Reports are that this attack impacts ALL versions of WordPress up to 2.8.4, the most recent release.

2. Report from WordPress on Attack: How to Keep WordPress Secure. Information on the most recent update of WordPress that prevented this attack on updated WordPress sites: WordPress 2.8.4: Security Release.

3. What Version Am I Using? If you are using a WordPress version after 2.7, the nag screen on the WordPress Administration Panels will alert you to upgrade. If you are using an older version, upgrade now. Don't know what version you are using? Without a nag screen to tell you to update, you're using an old version. Checking the Administration Panels footer will help, but don't waste time looking. Just update now!

4. Use a WordPress Plugin for Protection: Do not rely upon a WordPress Plugin to protect you. There are many reports of Plugins that will "help" in the comments. While they might help in other ways, please upgrade now. That is the only solution if your site has not been impacted.

5. WordPress is Not Secure: WordPress is incredibly secure and monitored constantly by experts in web security. This attack was well anticipated and so far, WordPress 2.8.4 is holding. If necessary, WordPress will immediately release an update with further security improvements. WordPress is used by governments, huge corporations, and me, around the world. Millions of bloggers are using WordPress.com. Have faith they are working overtime to monitor this situation and protect your blog.

6. Fear of Upgrading: This attack is serious enough to overcome all your fears of updating. If older WordPress Plugins are holding you back, update them to the latest version or replace them with new. If your Theme might break, contact the Theme author and update or replace it. There are thousands of free Themes to choose from, probably some better than what you are using. If you are using a recent version of WordPress, updating is as easy as clicking a couple buttons. If you are using an older version, download the most recent version and upgrade now.

7. Other Issues? Whatever your issue is that keeps you from updating WordPress, get over it and update now to protect your site.

In all, this is something you really should do today. Don't wait; just click a button and upgrade your installation. This will be the best five minutes of your life if you love your web site. The sadder part, though, is that I know people will not upgrade, and the psychological effects of being hacked can be traumatic at best, or kill your blog at worst. There are a ton of hoops to jump through with Google and Stop Badware dot Org, and that is just the beginning of the pain if your WordPress installation or any web site that is owned by anyone. Dealing with a hack is painful; five minutes could save you months of pain.
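For anyone hosting more than one blog, the "What Version Am I Using?" question can be answered from the filesystem instead of each admin panel. The script below is an added example, not code from the article or from WordPress: it reads the `$wp_version` line that WordPress keeps in `wp-includes/version.php` and flags every install older than 2.8.4, the release the article says is holding. The directory names and sample files are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (2, 8, 4)  # release the article names as holding against this attack

# WordPress records its release in wp-includes/version.php as $wp_version = '...';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_version(text):
    """Return the numeric version tuple from version.php contents, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))  # drop suffixes like -beta1
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad so 2.8 compares as 2.8.0

def audit(root):
    """Map each WordPress install under root to (version, status)."""
    report = {}
    for vfile in sorted(Path(root).rglob("version.php")):
        if vfile.parent.name != "wp-includes":
            continue  # some other version.php, not WordPress core
        site = str(vfile.parent.parent.relative_to(root))
        version = parse_version(vfile.read_text(errors="replace"))
        if version is None:
            report[site] = (None, "UNKNOWN")  # unreadable: review by hand
        elif version < PATCHED:
            report[site] = (version, "UPDATE NOW")
        else:
            report[site] = (version, "ok")
    return report

def demo():
    """Build constructed sample installs in a temp dir and audit them."""
    samples = {"blog-a": "$wp_version = '2.7.1';", "blog-b": "$wp_version = '2.8.4';",
               "blog-c": "$wp_version = '2.8';", "blog-d": "// damaged file"}
    with tempfile.TemporaryDirectory() as root:
        for name, line in samples.items():
            inc = Path(root, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text("<?php\n" + line + "\n")
        return audit(root)

if __name__ == "__main__":
    for site, (version, status) in demo().items():
        print(site, version, status)
```

To check real sites, call `audit()` on the directory that contains the installs; an UNKNOWN result means the version file could not be parsed and the install should be inspected by hand.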

About the Author:
Dan Morrill runs Techwag, a site all about his views on social media, education, technology, and some of the more interesting things that happen on the internet. He works at CityU of Seattle as the Program Director for the Computer Science, Information Systems and Information Security educational programs.