Make Sure Your WordPress Is Up To Date

I heart WordPress. I was a long-time Movable Type user and advocate. When I started this blog in early 2008, I used it as an opportunity to learn and experiment with WordPress, and I’ve become as big a WP advocate as there is.

One of the things that is critical when it comes to WordPress is making sure your install is up-to-date. Security holes are quickly patched, and old installations make easy targets for hackers and script kiddies worldwide.

There’s a pretty large-scale WordPress infestation going around right now. I’ve had to help a few bloggers I know with getting their installs cleaned out and up-to-date; in one case they had never updated beyond version 2.33 (2.8.4 is the most up-to-date).

If you are running a version earlier than 2.8.4, please update as soon as possible. WordPress has recently added auto-update functionality, but I still prefer the thoroughness of the WordPress Automatic Upgrade plugin. If you are running anything earlier than WordPress 2.7, that plugin will make your life much easier and you will be updated in just a few minutes automatically.

However, you may not know if your site has been hacked. If you are seeing URLs like this one, you have been:

example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/.

This blog post has detailed instructions on how to clean out the hack (including getting rid of admin users the bad code creates).
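
One way to check web server access logs for the URL pattern shown above, as an added example that is not part of the original post. The combined log format, the function names and the sample log lines are assumptions constructed for illustration:

```python
import re
from urllib.parse import unquote

# Markers taken from the injected permalink shown in the post (compared lowercased).
MARKERS = ("eval(", "base64_decode(", "$_server[http_referer]")

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(url, max_rounds=3):
    """Percent-decode until stable, so paths re-encoded by a proxy or log writer still match."""
    for _ in range(max_rounds):
        decoded = unquote(url)  # invalid escapes such as "%&(" are left untouched
        if decoded == url:
            break
        url = decoded
    return url

def is_infected_url(url):
    """True when the decoded URL carries every marker of the injected permalink."""
    text = decode_fully(url).lower()
    return all(marker in text for marker in MARKERS)

def scan_log(lines):
    """Return (line_number, path) for each logged request whose path matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_infected_url(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines, not real traffic. Line 2 uses the path from the post,
# line 3 is a harmless slug that only resembles one marker, and line 4 is the same
# path as line 2 with more characters percent-encoded.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2009:10:00:00 +0000] "GET /category/post-title/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2009:10:00:02 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2009:10:00:03 +0000] "GET /2009/01/base64-decode-explained/ HTTP/1.1" 200 4100',
    '203.0.113.7 - - [01/Jan/2009:10:00:04 +0000] "GET /category/post-title/%25&(%7B%24%7Beval%28base64_decode%28%24_SERVER%5BHTTP_REFERER%5D%29%29%7D%7D%7C.+%29&%25/ HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, path in scan_log(SAMPLE_LOG):
        print(f"line {number}: infected permalink requested: {path}")
```

Requiring all three markers together keeps ordinary posts that merely mention `base64_decode` in their slug from being flagged.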