There is a hacker out there at the moment, screwing WordPress blogs badly. He somehow creates a user account, sets himself up as an administrator, and yet is able to hide his account from the normal user accounts menu in WordPress admin!!! He then alters your permalink settings :-( - Meaning your blog posts can't be reached! There is some info in Google News on how to see if you have been attacked, and how to fix it here, as well as how to prevent yourself from being attacked again! http://news.google.com/news/search?pz=1&ned=uk&hl=en&q=wordpress+hacker Check your blogs guys... quickly! Sorry if this is posted in the wrong place, or if someone else has posted on this subject already, I just quickly popped this up as I have done deals with lots of bloggers here on DP forums over the years, and there are some great people here, I don't want them to get hurt!!! If you don't know how to figure out your old permalink structure, and you are worried about losing SERPs, read here: http://news.google.com/news/search?pz=1&ned=uk&hl=en&q=recover+permalinks We wrote a couple of the stories above, but we did them in a rush, so I linked to the Google News results, rather than direct to the stories - that way if someone puts something better into the news, you will see that also, not just our rush job!!! Hope it helps guys
Actually this was a known issue for quite some time: http://wordpress.org/development/2009/09/keep-wordpress-secure/ If folks are going to run software that is known to be targeted, they need to be up on the updates. edit: Excuse me. Here's the news post about the security problem and the need to update. The first post I linked to was Matt whining about how it's everybody else's fault but his, a frequent excuse of his: http://wordpress.org/development/2009/08/2-8-4-security-release/
Activating automated updates in WordPress can save you from attacks; as you know, attacks usually hit you when you do not expect them.
Too true! Too true... Check the SERPs at the moment for 'wordpress hack' - seems to be a hot topic! Lesson on the need to update for everyone I guess!!!
Stupid spotty geeky teens with nothing better to do than hack all day. Why do people go to that length just to ruin someone's day?
In case you haven't signed up for WordPress' release notifications, go on over to: wordpress.org/download/ and register for their release notification newsletter. That way you will get a heads up that a new version has come out,
Good tips there folks, Thanx for the "heads up" & a timely reminder to be vigilant. Hope the people who are selling the "throw up a few WP sites & earn $$$'s" are passing these alerts on to their clients ..... Cheers, Ped
Upgrading seems to be the only solution. You could also use this code in phpMyAdmin to check whether your database has already been compromised. http://dougal.gunters.org/blog/2009/09/05/checking-your-wordpress-security
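
An added example, not part of the thread and not the code from the linked post: read-only queries to run in phpMyAdmin that list administrator accounts straight from the database (the first post reports the rogue account does not appear in the Users screen) and show the current permalink setting. It assumes the default `wp_` table prefix; adjust the table names and the `wp_capabilities` / `wp_user_level` keys if your install uses a different prefix.

```sql
-- Assumption: default table prefix "wp_". With another prefix, rename the
-- tables AND the meta keys (e.g. "blog_capabilities", "blog_user_level").

-- 1. Every account holding the administrator role, read from the database
--    rather than from the Users screen in wp-admin. Compare the result with
--    the accounts you created yourself; newest registrations come first.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       m.meta_key,
       m.meta_value
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON m.user_id = u.ID
WHERE (m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%administrator%')
   OR (m.meta_key = 'wp_user_level'   AND m.meta_value = '10')
ORDER BY u.user_registered DESC, u.ID;

-- 2. Capability rows whose user_id has no matching row in wp_users.
--    On a clean install this returns nothing.
SELECT m.umeta_id,
       m.user_id,
       m.meta_key,
       m.meta_value
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u
  ON u.ID = m.user_id
WHERE u.ID IS NULL
  AND m.meta_key IN ('wp_capabilities', 'wp_user_level');

-- 3. The permalink setting the first post says gets altered. It should be
--    empty or a plain pattern such as /%year%/%monthnum%/%postname%/ that
--    you recognise as your own.
SELECT option_name,
       option_value
FROM wp_options
WHERE option_name = 'permalink_structure';
```

Query 1 returns more than one row per account when both the role and the user level match, so read it by `user_login`.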