Update immediately to 2.8.4 if you have anything older – update it now!!!

Otto42 of OttoDestruct, a key WordPress developer and supporter, reports that there is an “attack” on older versions of WordPress right now. The number of sites hit by this is growing every hour. Protect your WordPress blog now: UPDATE NOW!!!

Things You Need to Know Now

UPDATE NOW! Reports are that this attack affects ALL versions of WordPress older than 2.8.4, the most recent release. Report from WordPress on the attack: How to Keep WordPress Secure. Information on the most recent WordPress update, which prevented this attack on updated WordPress sites: WordPress 2.8.4: Security Release.

What Version Am I Using? If you don't have a nag screen that alerts you to update – you have a version that needs updating now. No exceptions.

Some people are suggesting a WordPress Plugin for protection: do not rely on a WordPress Plugin to protect you. There are many reports in the comments of Plugins that will “help.” While they might help in other ways, please upgrade now. Upgrading is the only solution if your site has not yet been impacted.

WordPress is Not Secure: WordPress is incredibly secure and monitored constantly by experts in web security. This attack was well anticipated and so far, WordPress 2.8.4 is holding. If necessary, WordPress will immediately release an update with further security improvements. WordPress is used by governments, huge corporations, and me, around the world. Millions of bloggers are using WordPress.com. Have faith they are working overtime to monitor this situation and protect your blog.

Fear of Upgrading: This attack is serious enough to overcome all your fears of updating. If older WordPress Plugins are holding you back, update them to the latest version or replace them with new ones. If your Theme might break, contact the Theme author and update or replace it. There are thousands of free Themes to choose from, probably some better than what you are using. If you are using a recent version of WordPress, updating is as easy as clicking a couple of buttons. If you are using an older version, download the most recent version and upgrade now.

What to do if your site has already been attacked: There are two clues that your WordPress site has been attacked. The first is strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The telltale strings are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.
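The two clues above can be checked mechanically. The following Python script is an added example, not code from the original post or from WordPress: it URL-decodes a permalink structure (the value WordPress stores in the wp_options table under the option name permalink_structure) and flags the eval/base64_decode indicators, and it lists administrator accounts that are not on a list of admins you know you created. The sample permalink and user list are constructed for illustration; the function names are my own.

```python
"""Added example (not from the original post): two quick checks matching
the two clues described in the post.

Assumptions: `permalink_structure` is the string WordPress stores in the
wp_options table under option_name 'permalink_structure'; `users` is a
list of (login, role) pairs as shown on the Users screen. All sample
values below are constructed.
"""
import re
from urllib.parse import unquote

# Indicators named in the post: the injected permalink fragment contains
# "eval" and "base64_decode". Matching happens after URL-decoding so that
# %7B / %5B style encoding does not hide them.
INJECTION_PATTERN = re.compile(r"eval\s*\(|base64_decode\s*\(", re.IGNORECASE)


def decode_fully(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) in case the value was double-encoded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def permalink_looks_injected(permalink_structure: str) -> bool:
    """True when the permalink structure carries an eval/base64_decode call."""
    return INJECTION_PATTERN.search(decode_fully(permalink_structure)) is not None


def find_unexpected_admins(users, known_admin_logins):
    """Return logins with the administrator role that are not in the list
    of admins you know you created (clue 2: the hidden 'back door' admin)."""
    known = {login.lower() for login in known_admin_logins}
    return [login for login, role in users
            if role == "administrator" and login.lower() not in known]


# Constructed sample data ------------------------------------------------
CLEAN_PERMALINK = "/%category%/%postname%/"
# Same shape as the example in the post: a normal structure with a PHP
# fragment appended to it.
INJECTED_PERMALINK = (
    "/%category%/%postname%/%&(%7B$%7Beval(base64_decode("
    "$_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/"
)
SAMPLE_USERS = [
    ("admin", "administrator"),
    ("editor_jane", "editor"),
    ("Administrator (2)", "administrator"),  # the kind of entry to look for
]

if __name__ == "__main__":
    for label, value in (("clean", CLEAN_PERMALINK), ("injected", INJECTED_PERMALINK)):
        print(f"{label}: injected={permalink_looks_injected(value)}")
    print("unexpected admins:", find_unexpected_admins(SAMPLE_USERS, ["admin"]))
```

Run it against the real permalink_structure value and user list from your own site; a True result from the first check or any login in the second list means the site should be treated as compromised and rebuilt as described below, not just updated.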

To Prevent Your WordPress Blog from Attack, update your WordPress site IMMEDIATELY to the latest version. Change ALL passwords to a strong password immediately, including WordPress blog access for all users, database, FTP, control panels, everything.

If Your WordPress Blog Has Been Attacked: If your site has already been attacked, it appears that the hack attacks the database, going deep. We’re looking for solutions, but the easiest appears to be to export all your content with the built-in XML WordPress export (pre-2.1 versions, try the WordPress-to-WordPress Import WordPress Plugin) and literally remove your WordPress installation totally (save images and general files). DO NOT EXPORT YOUR DATABASE! Install the latest version of WordPress and add the “clean” backup of your WordPress Theme, then import the XML export. The export will contain your posts, Pages, and comments, and hopefully no other hacked code.

“How To Completely Clean Your Hacked WordPress Installation” by Smackdown is a good article on how to reinstall WordPress after being hacked, but take care to keep your export limited to the post content and comments (and Pages), not the entire database as the hack goes into the database.

WordPress has been requesting that users update as soon as an update is released for several years. They also now have an excellent team to track down this issue and quickly protect WordPress with any necessary updates.

Please blog and Twitter about the attacks. It’s important that we spread the information throughout the WordPress Community as fast as possible, encouraging everyone to update WordPress. Take care not to promote rumors, just the facts, until we know more.

If you have pertinent information that will help the WordPress team track down and stop this attack, please report it to security@wordpress.org.

Check the WordPress Support Forum for more information and support. Also check for news and announcements on security issues and updates on the WordPress Development Blog and in your WordPress blog Dashboard Panel.

Please, keep your WordPress site constantly updated. You are now informed of updates directly through the Administration Panels. Act upon it. The following are additional articles and posts about this security issue.

WordPress Codex – FAQ – My Site Was Hacked

Journey Etc – WordPress Permalink RSS Problems

Old WordPress Versions Under Attack

SmackDown – How to Completely Clean Your Hacked WordPress Installation

WordPress Codex – Hardening WordPress (security protection)

BlogSecurity – WordPress Security Predictions in 2009

Technorati: Vulnerable WordPress Blogs Not Being Indexed

The Correct Way To Report A Security Issue With WordPress

Firewalling and Hack Proofing Your WordPress Blog

Smashing Magazine – 10 Steps To Protect The Admin Area In WordPress