While I was away over the weekend, it appears that a large number of bloggers who use WordPress were hacked, and a lot of damage was done. The problem has shown up for a large number of people, including some very high-profile bloggers. Among them was Robert Scoble, whose blog was one of the hacked websites. Damage on Scoble’s site included porn information being placed in old posts, 2 entire months of content being deleted, and more. Of course, the porn then led to his blog being completely banned from Google! Scoble is not the only one having these problems, however, and even lesser-known bloggers have been attacked. You can read more in this WordPress support forum thread.

If you are wondering what all of these WordPress sites have in common, it is that they were all using old versions of WordPress. As someone who owns and operates well over 100 WordPress installations, I certainly understand the pain it can be to upgrade to the latest version of WordPress every time a new release happens, but I hope this goes to show why it is so important to take the time to upgrade all of your WordPress installations to the most recent version of WordPress.

Kyle Eslick is a WordPress enthusiast who took his passion for WordPress to the next level in 2007 by launching WPHacks.com as a place to share hacks, tutorials, etc. Connect with Kyle on Twitter or Google+!

  1. It can take a lot of your time to upgrade your blog to the latest WordPress software if you have a lot of blogs, but it can save you a lot of pain later.

    Regular backups are also important!

  2. Andrew says:

    Backups can be a pain, but I have found that running my WordPress installation on a VPS with SSH access is very quick and simple, even quicker than the one-click upgrade within WordPress.

    I also thought Robert Scoble was using the VIP version of WP.com?? I’m not sure, but I thought the Automattic Team handled upgrades with the VIP WP.com.

  3. Sophie says:

    Doing regular backups is a good tip. I use WP-DBmanager.

  4. Blaine Bullman says:

    Ya, I’ve been hearing about this too, about the admin page vulnerability. I agree, everybody who owns a blog should back up their blog daily if they can, or at least weekly.

  5. Jean says:

    Whoa, that’s a really scary situation :( This reminds me that I should look over all my websites and make absolutely sure they are all upgraded to the latest version of WordPress! It would be a nightmare for me if my personal blog were to be banned.

    Till then,

    Jean

  6. Compute Live says:

    I use WordPress Database Backup to back up my database. I make a point to upgrade as soon as there are any updates…

  7. It’s amazing to me that people don’t keep their blogging software up to date, I know that it is a little stressful to do an upgrade but man is it worth it.

  8. Job done, all a bit scary…!

  9. Really good to know. I’d been putting off upgrading some older sites to wp 2.8, but now I think I’d go ahead. I’d never even thought about a solution for regular backups either. I’m farther behind the times than I thought. :o

  10. cheap linux web site hosting says:

    This has always been my concern. A new version of WP comes out, you upgrade, but wait…now you have 15+ plugins that could possibly cause a vulnerability issue because v2.8.4.5.15.5.165 has been released. Now some of those plugins don’t work well with the new release because they require an update.

    What are folks using these days to back up their WP database that’s quick and easy?

    Larry

  11. Josh says:

    Does the hacker gain FTP access or just access to the admin section?

  12. That is the worst part about updating for me, most of my plugins have either errors or simply don’t work anymore. Argh, I guess you just have to update to protect yourself though.

  13. As far as I think, WordPress is very safe; it is almost impossible to avoid all possible threats on the internet. There will always be someone who just wants to mess with you for fun, and there will always be someone that allows him specific knowledge or application. We live in an open world, and with the World Wide Web everyone can meet anyone.

  14. This just shows how important it is not only to upgrade your software such as WordPress, but also your server & system software. And also how important it is to take backups (and be able to do a rollback – why take backups if you can’t easily get the information back?).

  15. Rick says:

    Excellent advice. Updating is a pain, but this post reveals exactly why it is so important.

  16. pen tablet says:

    I agree that security is very important. And if we give hackers an opportunity to attack us, we can’t blame someone else for our laziness. I think that updating every program is essential, also WordPress.

  17. feld says:

    Thanks for info, security is very important.

  18. talonecl says:

    Absolutely!! You’ve posted the right idea. Security is really what matters regarding this topic.
    Safety for every blog.

  19. Sam says:

    Excellent advice. Updating is a pain, but this post reveals exactly why it is so important.
