Cracker Modifies 2.1.1 Download Files on WordPress Servers

By Posted 2007 Updated   BloggingSecurityWordPress

f you downloaded WordPress 2.1.1 in the last few days as part of your WordPress upgrade, its time to upgrade again to WordPress 2.1.2. A cracker gained user-level access to one of the servers that powers wordpress.org, and modifed the wordpress download files. Although not all downloads of 2.1.1 were affected, they declared the entire version dangerous and have released a new version 2.1.2 that includes minor updates too.

The official word from wordpress is that if you are still on WordPress 2.1.1, then perform a full overwrite of old files via FTP. They advise webhosts can vlock access to theme.php and feed.php and selected query strings.

My first reaction was since the problem occurred for last 3-4 days and I downloaded it on the day of launch, maybe I could skip the upgrade. Then I read Mark’s post which says it is a mandatory security upgrade for all users of 2.1 or 2.1.1 as it has several security fixes.

Since everyone knows your wordpress version, protect you blog and Download WordPress 2.1.2 today.


Leave a Reply

Your email address will not be published. Required fields are marked *




css.php