Worm attacking WordPress – Watch Out!

Sunday, September 6th, 2009

WordPress has posted a blog article regarding a worm going around the internet, actively looking for a security vulnerability in all WordPress blogs before version 2.8.3. The worm reveals itself in a couple of ways:

  1. Strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
  2. A “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.

The damage done can obviously be pretty horrendous: permalinks all die, making your blog useless, and tons of spam gets inserted into old articles and so on.
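As an added example (not from the original post or from WordPress), here is a small Python check that URL-decodes the request path in web server access-log lines and flags the eval/base64_decode permalink pattern from (1) above. A plain grep for “eval(” misses it because the payload is percent-encoded; the log lines below are constructed, not real traffic.

```python
import re
from urllib.parse import unquote

# Markers named in the post; matched after URL-decoding, case-insensitively.
MARKERS = ("eval(", "base64_decode(")

# Common/combined log format: the request line is the first quoted field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def decode_path(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded payloads are caught too."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_worm_request(path: str) -> bool:
    """True when the decoded path contains both markers from the post's indicator."""
    decoded = decode_path(path).lower()
    return all(marker in decoded for marker in MARKERS)


def scan_access_log(lines):
    """Return (client_ip, decoded_path) for every request line that matches."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        if is_worm_request(m.group("path")):
            hits.append((line.split(" ", 1)[0], decode_path(m.group("path"))))
    return hits


# Constructed sample log lines (not real traffic); the first mimics the post's URL.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2009:10:12:01 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.9 - - [05/Sep/2009:10:12:05 +0000] "GET /category/post-title/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Sep/2009:10:13:40 +0000] "GET /wp-login.php HTTP/1.1" 200 1200 "-" "-"',
]

if __name__ == "__main__":
    for ip, path in scan_access_log(SAMPLE_LOG):
        print(f"suspicious request from {ip}: {path}")
```

Run it against your real access log with `scan_access_log(open("access.log"))`; a hit is worth following up with the user-list check from (2).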

Protection

How do you protect yourself? Get upgrading! If you haven’t already done so, upgrading to version 2.8.4 is now a must. Follow this simple guide from WordPress – the important parts being

  1. Backup Your Files
  2. Backup Your Database

Then upgrade! I have to say though, upgrading brings the fear into me, and also takes some effort. I can understand why people don’t do it (the WordPress auto upgrade sometimes fails, and b0rks installs) – I guess you need to think security more than features!

I’ve been hit!

Numerous times yesterday I noticed via my web analytics spy that your beloved ReynoldsFTW category pages were being hit by this so-called worm via the strange URL above in (1), which goes to show it’s pretty prevalent out there! This is not a drill!

Luckily, I had already upgraded to 2.8.4 some weeks back when it was released.

Help Others!

If you love your fellow man – hit the retweet button at the top and bottom of this article – let’s hug!