
Blogger Alert: Worm Attacks WordPress Blogs

Posted: September 8, 2009

Bloggers using WordPress should be aware of a newly discovered vulnerability that could compromise their blog.

WordPress, the popular blog publishing application and content management system, has come under heavy fire lately from a particularly nasty little worm circulating among blogs whose owners are still running outdated versions of the software.

The vulnerability that allows this attack was discovered on August 11, causing WordPress to quickly spring into action, advising users to upgrade to version 2.8.4. Unfortunately, many people have yet to make the move to this latest version, and the worm is taking advantage of the hesitation.

According to WordPress, the worm does not affect the current version 2.8.4 or the version prior to it. The worm also seems to only affect people who host their own WordPress blog, not those hosted on WordPress.com. The website also offers users links and instructions in order to upgrade, along with an FAQ for those who believe their blog may have been hacked.

The worm in question has proven difficult to detect and identify. Matt Mullenweg, founding developer of WordPress, explains that the worm "registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at a user's page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts."
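Because the worm is described as hiding its account from the users page, a check has to read the database rather than the admin screen. The following is an added example, not code from WordPress or from the original article: it audits rows exported from `wp_usermeta` and `wp_options` for unexpected administrators and for a permalink structure containing anything other than standard tags. It assumes the default `wp_` table prefix and a list of administrators supplied by the site owner; the function names and sample rows are constructed for illustration.

```python
import re

# WordPress's documented permalink structure tags; anything else in the
# setting is unexpected on a normal site.
ALLOWED_TAGS = {"year", "monthnum", "day", "hour", "minute", "second",
                "post_id", "postname", "category", "tag", "author"}
TAG_RE = re.compile(r"%([a-z_]+)%")
LITERAL_RE = re.compile(r"^[A-Za-z0-9/_.\-]*$")


def permalink_is_clean(structure):
    """True if the structure is only known %tags% plus plain path characters."""
    if any(tag not in ALLOWED_TAGS for tag in TAG_RE.findall(structure)):
        return False
    return bool(LITERAL_RE.match(TAG_RE.sub("", structure)))


def admin_ids(usermeta_rows, prefix="wp_"):
    """User IDs whose serialized capabilities include the administrator role."""
    key = prefix + "capabilities"
    return {uid for uid, meta_key, value in usermeta_rows
            if meta_key == key and '"administrator";b:1' in value}


def audit(usermeta_rows, options, expected_admins):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    for uid in sorted(admin_ids(usermeta_rows) - set(expected_admins)):
        findings.append(f"unexpected administrator: user ID {uid}")
    structure = options.get("permalink_structure", "")
    if not permalink_is_clean(structure):
        findings.append(f"suspicious permalink_structure: {structure!r}")
    return findings


# Constructed sample rows (user_id, meta_key, meta_value), not from a real site.
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]
SAMPLE_OPTIONS = {
    "permalink_structure": "/%year%/%postname%/(constructed-unexpected-text)"}

if __name__ == "__main__":
    for line in audit(SAMPLE_USERMETA, SAMPLE_OPTIONS, expected_admins={1}):
        print(line)
```

A finding from either check is a reason to follow the WordPress FAQ for blogs that may have been hacked, not proof of infection on its own.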

While the danger is real, protecting yourself and your information is simple enough: upgrade to the latest version of WordPress now if you have not done so already.
