Someone has found a way to exploit a bug in older WordPress versions. The attack can be quite severe and do permanent damage to your site. Lorelle has details of the attack and its symptoms. The best way to avoid this attack is to upgrade to the most recent version.
I received a couple of pings saying that WordPress is insecure and the community is irresponsible. From personal experience as a WordPress user and as a software developer, I think it is exactly the opposite. Some reasons:
- This attack is on the older versions. The last couple of releases are immune to it, which means that this security hole has already been plugged.
- This can happen with any software whose older versions have exploitable security holes. The recent case of Ruby on Rails is a good example. The alarming fact here is that there was a significant number of installations still running older versions.
- Considering that it is important to stay updated with the latest version, WordPress makes it easy to upgrade with automatic upgrades and a reminder about the upgrade right on the dashboard.
- Like many other open source projects, a lot of contributing members go through the WordPress code. This helps in proactively spotting bugs or security holes before the code gets released and in reacting quickly to avoid such attacks.
In spite of this, it is a fact that no software can be bug-free. There will always be those who keep looking to exploit vulnerabilities. The best we can do, after releasing a version, is to have a way of tackling these attacks quickly and helping those who are in panic. And I think WordPress has the best chance of doing this, because of its community and because it is open source.
