WordPress Security Threat: Old Versions Under Attack

There are reports that older versions of WordPress -- now at version 2.8.4, are exposed to security threats.

Two clues provided by Lorelle on WordPress blog that your non-up-to-date WordPress blog is under attack;
1) Strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ The keywords are “eval” and “base64_decode.”

2) The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.

To prevent this type of attack, you’re recommended to;

– Immediately update to the latest version of WordPress
– Change ALL passwords to a strong password immediately, including WordPress blog access for all users, database, FTP, control panels, everything.

WordPress, is the biggest open source publishing platform. It now counts over 5,317,000 downloads.

via [Lorelle on WordPress ]