“Upgrading is taking your vitamins; fixing a hack is open-heart surgery,” admonishes founding WordPress developer Matt Mullenweg in a blog post concerning the platform’s recent security breach.
The particularly nasty worm has been quietly making its way into old versions of WordPress and wreaking tons of havoc. In fact, the bug is so bad that the only way to get rid of it is by exporting *all* of your content and totally removing your WordPress installation.
Users with versions older than 2.8.3 are susceptible, meaning today’s a good day to stop poking fun at WordPress’ frequent releases and actually take the time to update.
A Wormy Little Worm
Thankfully, it’s not totally incognito. It leaves a ton of broken links behind, like breadcrumbs to a disaster (the disaster being Google removing your site for being full of spam).
“A stitch in time saves nine”
Mullenweg makes use of this expression several times in his post, presumably partially because WordPress tends to catch a lot of flak for kicking out updates that are mere weeks apart. And, OK, we admit we’ve contributed to the jeering a time or two, but it’s always out of love. Honest.
The current version of WordPress, as well as the version just before it, is immune to this worm. If you’ve been thinking about upgrading but haven’t gotten around to it yet, now would be an awesome time to do so. After all, WordPress updates only require a handful of clicks to execute.
Open Heart Surgery
Check for a ton of broken links, strange additions to your permalinks (like "eval" or "base64_decode"), or an administrative account you don't recognize. If you've got one or any combination of these problems, it's likely that you've been bit by the bug already. Thankfully there are several detailed resources for you poor unfortunate souls.
If you're lucky enough to've avoided disaster, do the smart thing and upgrade.