09-05-2009, 11:12 AM
|
|
WHT Addict
|
|
Join Date: May 2008
Posts: 124
|
|
All Wordpress Users Must Upgrade Now!
Seems to be a pretty serious situation going on. If you own a hosting company maybe make a note somewhere on your site alerting your clients. If you don't upgrade, your blog could potentially be hacked all the way down to the DB. Pretty scary.
>> Read
__________________
█ //VPS Blowout going on now! Can you believe it?
█ // Installation of any script i.e. Wordpress, theme or plugin(s) included!
█ //99.9% Uptime//Live Support//Awesome Deals!
█ // CubicHost.org
|
09-05-2009, 11:14 AM
|
|
Disabled
|
|
Join Date: Mar 2008
Posts: 630
|
|
Old news though, to be honest. Anyone who doesn't keep Wordpress up to date runs the risk of this and other known vulnerabilities and exploits, so there's nothing new here.
|
09-05-2009, 11:16 AM
|
|
WHT Addict
|
|
Join Date: May 2008
Posts: 124
|
|
Old news for many people here, but I doubt its old news for many of your clients if you run a business.
__________________
█ //VPS Blowout going on now! Can you believe it?
█ // Installation of any script i.e. Wordpress, theme or plugin(s) included!
█ //99.9% Uptime//Live Support//Awesome Deals!
█ // CubicHost.org
|
09-05-2009, 11:19 AM
|
|
Disabled
|
|
Join Date: Mar 2008
Posts: 630
|
|
Well clearly I do run a business, as my signature suggests.
The problem with this thread is that this is one of many known Wordpress vulnerabilities, so there's nothing new here at all. It's the age old "keep your scripts up to date or you may get hacked" adage.
Don't get me wrong, I and I'm sure others appreciate the notification, but it's common sense really.
|
09-05-2009, 11:28 AM
|
|
Junior Guru Wannabe
|
|
Join Date: May 2009
Location: Transylvania
Posts: 66
|
|
This is why it's important to protect yourself, like block at least some SQL-injection attacks using wp firewall plugin, (password) protect wp-admin directory, wp-login.php file or using login lockdown plugin to prevent bruteforce attack and so on...
__________________
█ SYN Gadget (!) Synchronous Gadget
█ It's All About Gadget, Gizmo, Hot Tech Stuff and So Many More!
█ SYN Gadget is Proudly Hosted by SYN Hosting
|
09-05-2009, 12:05 PM
|
|
Warp Speed!
|
|
Join Date: Feb 2008
Location: Houston, Texas, USA
Posts: 2,771
|
|
FYI, there's an upgrade plugin that will do it all for you. It's called "Wordpress Automatic upgrade."
Best
|
09-05-2009, 12:21 PM
|
|
Junior Guru Wannabe
|
|
Join Date: May 2009
Location: Transylvania
Posts: 66
|
|
Quote:
Originally Posted by UNIXy
FYI, there's an upgrade plugin that will do it all for you. It's called "Wordpress Automatic upgrade."
|
no such plugin needed. its just a matter of clicking one button on your dashboard should have an automatic upgrade function when you aren't up-to-speed.
__________________
█ SYN Gadget (!) Synchronous Gadget
█ It's All About Gadget, Gizmo, Hot Tech Stuff and So Many More!
█ SYN Gadget is Proudly Hosted by SYN Hosting
|
09-05-2009, 12:45 PM
|
|
WHT Addict
|
|
Join Date: Mar 2001
Posts: 147
|
|
Quote:
Originally Posted by JulesR
Old news though, to be honest. Anyone who doesn't keep Wordpress up to date runs the risk of this and other known vulnerabilities and exploits, so there's nothing new here.
|
This may be old news to system admins but there are many WP blog owners who are not aware. I have had numerous outdated WP blogs on my servers attacked with this particular exploit the past few days, so another announcement won't hurt.
|
09-05-2009, 01:22 PM
|
|
Web Host Extraordinaire!!!
|
|
Join Date: Dec 2007
Location: Indianapolis, Indiana USA
Posts: 14,333
|
|
Old news or not - advising people to upgrade their scripts is always a good thing.
__________________
█ Michael Denney - MDDHosting, LLC - Professional Hosting Solutions
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ For high-end shared accounts ideal for business, check out our Semi-Dedicated offerings!
█ http://www.mddhosting.com/ - Providing Quality Services since 2007
|
09-05-2009, 01:30 PM
|
|
Disabled
|
|
Join Date: Mar 2008
Posts: 630
|
|
I agree, but it pretty much goes without saying  Otherwise you'd have a forum post every week; Upgrade Wordpress Upgrade PHPBB2, Upgrade vBulletin, Upgrade Mambo, Upgrade Joomla, etc etc.
|
09-05-2009, 01:34 PM
|
|
Web Host Extraordinaire!!!
|
|
Join Date: Dec 2007
Location: Indianapolis, Indiana USA
Posts: 14,333
|
|
Quote:
Originally Posted by JulesR
I agree, but it pretty much goes without saying Otherwise you'd have a forum post every week; Upgrade Wordpress Upgrade PHPBB2, Upgrade vBulletin, Upgrade Mambo, Upgrade Joomla, etc etc. |
True, probably better to start a blog and post it all there - less spammy
Funny enough the initial link is to a blog post haha
__________________
█ Michael Denney - MDDHosting, LLC - Professional Hosting Solutions
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ For high-end shared accounts ideal for business, check out our Semi-Dedicated offerings!
█ http://www.mddhosting.com/ - Providing Quality Services since 2007
|
09-05-2009, 01:41 PM
|
|
Disabled
|
|
Join Date: Mar 2008
Posts: 630
|
|
CubicH-Gray: I hope you haven't taken what I've said personally, as that wasn't my intention at all. It's great you're informing people of these script issues, but there are so many different widely used scripts out there it's not really practical to do so here. Things like Kernel vulnerabilities that are relatively infrequent however, are definitely great things to post here.
Keep on fighting the good fight
|
09-05-2009, 02:09 PM
|
|
WHT Addict
|
|
Join Date: May 2008
Posts: 124
|
|
Quote:
Originally Posted by JulesR
CubicH-Gray: I hope you haven't taken what I've said personally, as that wasn't my intention at all. It's great you're informing people of these script issues, but there are so many different widely used scripts out there it's not really practical to do so here. Things like Kernel vulnerabilities that are relatively infrequent however, are definitely great things to post here.
Keep on fighting the good fight |
Understood. It's just there have been voluminous updates for WP, but while many fixed security vulnerabilities, none have been as serious as this in my opinion. Some people don't check their blogs daily and since this threat seems so imminent as described in the link, I felt like it was necessary to share.
__________________
█ //VPS Blowout going on now! Can you believe it?
█ // Installation of any script i.e. Wordpress, theme or plugin(s) included!
█ //99.9% Uptime//Live Support//Awesome Deals!
█ // CubicHost.org
|
09-05-2009, 02:24 PM
|
|
Disabled
|
|
Join Date: Mar 2009
Location: Toronto, Canada
Posts: 2,570
|
|
Thanks for the notice. It's true that scripts and software should be kept up to date regularly but this one sounds a bit more serious. Not all updates are released to prevent databases from getting hacked.
|
09-05-2009, 02:59 PM
|
|
Web Hosting Master
|
|
Join Date: May 2009
Posts: 1,341
|
|
Quote:
Originally Posted by igxhost
Thanks for the notice. It's true that scripts and software should be kept up to date regularly but this one sounds a bit more serious. Not all updates are released to prevent databases from getting hacked.
|
But its always safe to upgrade to the latest version.
All users should upgrade whenever there is a newer release. At present its current stable release is 2.8.4
Regards,
Alons
__________________
Softaculous - Auto Installer for cPanel, Direct Admin, InterWorx, Plesk, H-Sphere
The only Auto Installer that installs 260+ scripts. Install in just ONE STEP!
Virtualizor - VPS Control Panel supporting OpenVZ, Xen, KVM and has 60+ OS Templates
Webuzo - Softaculous for the Cloud i.e. Softaculous Standalone
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
