WordPress Attack
 In WordPress

WordPress WormOver the US Labor Day weekend, older (pre 2.8.4) versions of WordPress were reportedly attacked by a worm which inserts hidden spam and malware into your old posts.

Here’s what the New Tricks Team recommends:

  • From the WordPress dashboard, select ‘Tools; Backup’. If you don’t already have the WP Database Backup plugin, then install it from ‘Plugins; Add New’.
  • Backup a copy of your WordPress site. You can download the backup to your local machine, send the backup to your email address or store it on your server.
  • For double protection, go ahead and create an xml export of your content (‘Tools; Export’).
  • Disable your plugins (from the WordPress Dashboard, select ‘Plugins’. Then, select all of your Plugins by checking the box at the top. Choose, ‘ Deactivate’ from the Bulk Actions Dropdown then ‘Apply’).
  • Upgrade to WordPress 2.8.4 (Either follow the prompt at the top of your Dashboard or select ‘Tools;Upgrade’).
  • Reactivate your plugins. We recommend reactivating them one by one in case one doesn’t work with the latest WordPress release.

Here is some additional info on the attack:

Please note that the threat is just for WordPress.org users – if you have a WordPress.com blog, then there is no need to lose sleep.

Recent Posts

Leave a Comment