I’ve been upgrading to the latest releases of WordPress as soon as each one comes out. And it’s a good thing, too.
Over the last week or two a website named “Wordpresz.org” ((I’ve edited the link so that it goes to WordPress.org instead. I don’t want to contribute to these hackers fooling anyone else.)) was discovered. The people who created this website were using a vulnerability in WordPress version 2.6.2 to redirect users to their website. Their website purported to release WordPress version 2.6.41. The problem was that they had hacked one file in the installation package to create a bigger security vulnerability.
This just goes to show that:
- Monitor for Updates. Many programs these days automatically check to see if new versions are available. If the program does not have this feature, it’s a good idea to check about once a month or so.
- Update Frequently. Not all software updates are equal. If the program is being updated to fix security vulnerabilities or improve the program’s stability, you definitely want to install the update. This website’s installation of WordPress was already “inoculated” against this kind of attack because I had installed version 2.6.3 almost as soon as it came out.
- Use Official Sources. WordPress is open source software built using PHP and MySQL. Since the program is open source, it’s easier to modify the code. ((As Uncle Ben said, “With great power comes great responsibility.”)) The themes and plugins available through WordPress.org are reviewed by other users for malicious code and for possible improvements. If you’re not certain how to examine source code for malicious code, it’s best to only use official sources.
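To make the “Use Official Sources” point concrete, here is an added Python example (not from the original post) that accepts a download URL only when its host is exactly an official WordPress.org host, so a lookalike such as “wordpresz.org” is rejected, and then compares every file in an unpacked package against an expected checksum manifest to catch a single tampered file like the one described above. The sample files and the manifest are constructed inline; in practice the manifest would come from the project’s official checksum listing.

```python
import hashlib
from typing import Dict, List
from urllib.parse import urlparse

# Hosts a download may legitimately come from (assumption for this example).
OFFICIAL_HOSTS = {"wordpress.org", "downloads.wordpress.org", "api.wordpress.org"}


def is_official_source(url: str) -> bool:
    """True only for an https URL whose host is exactly an official host.

    Exact matching defeats lookalikes (wordpresz.org) and suffix tricks
    (wordpress.org.example.net); plain http is rejected as well.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    return parsed.scheme == "https" and host in OFFICIAL_HOSTS


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_package(files: Dict[str, bytes], manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare unpacked files against an expected {path: sha256} manifest.

    Returns sorted lists of files whose hash differs, files the manifest
    lists but the package lacks, and files present that the manifest omits.
    """
    modified = sorted(p for p, h in manifest.items()
                      if p in files and sha256_hex(files[p]) != h)
    missing = sorted(p for p in manifest if p not in files)
    unexpected = sorted(p for p in files if p not in manifest)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


# Constructed sample package: two tiny stand-ins for real WordPress files.
CLEAN_FILES: Dict[str, bytes] = {
    "wp-settings.php": b"<?php\n// constructed stand-in for wp-settings.php\n",
    "wp-login.php": b"<?php\n// constructed stand-in for wp-login.php\n",
}
# Constructed manifest derived from the clean files (would be published by the project).
MANIFEST: Dict[str, str] = {p: sha256_hex(b) for p, b in CLEAN_FILES.items()}

# Constructed tampered package: one file has extra content appended.
TAMPERED_FILES: Dict[str, bytes] = dict(CLEAN_FILES)
TAMPERED_FILES["wp-settings.php"] += b"// constructed: unexpected extra line\n"

if __name__ == "__main__":
    print(is_official_source("https://wordpress.org/latest.zip"))  # True
    print(verify_package(TAMPERED_FILES, MANIFEST)["modified"])    # ['wp-settings.php']
```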