WordPress Blogs under Attack by a Computer Worm

All those WordPress blogs that are not updated to the latest version available are under a severe threat of being attacked by a computer worm sooner or later.


Only the self hosted WordPress blogs are under this attack and not the ones that are hosted at wordpress.com. The latest version available as of today is the 2.8.4 and those not operating on it are sincerely advised to upgrade.

Following are the clues by which you can check if your WordPress blog is attacked or not:

•    There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

•    The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.

Thus it is advised to take all your backups and start upgrading your blog to the latest version available

[Via Lorelle on WordPress]

Leave a Reply