If you haven’t yet heard, there is a rapidly spreading hack of self-hosted WordPress.org installations that runs deep into the database and is hard to fix. If you haven’t upgraded to version 2.8.4 yet, do so right now, before you finish reading this.

There’s something rather romantic, heroic about a poacher. The idea that all that rolling land, all our rivers, are owned by someone, and usually by someone so disgustingly rich they eat and drink the kinds of foods never seen by their tenant farmers or any local villager, is pretty abhorrent, really. But when the poacher attempts to steal your minute little hard-won corner of the internet, it’s quite a different story.
The current issue involves a rogue admin that creeps in via some faulty code and sets up an invisible super-user account. Here’s the git wot got in here overnight:

If your pretty date/name permalinks have been changed at all, or you find any odd or unfamiliar code in them, check your user list. ‘JesusWesson63’ here was an invisible admin. If you have one, the count on your admin users page will be one more than the number of familiar, real-life admins actually listed. Page through to your most recent subscriber, then add (or subtract) one to the user ID in the URL until you find something resembling the page above; search for that name in your subscriber list and delete it.
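The checks in that paragraph (count the accounts that really hold the administrator role, compare them against the admins you recognise, and look for anything odd in the permalink structure) can be run against the database tables instead of paging through the admin screens by hand. This is an added example, not code from the post; the rows are constructed to mirror wp_users, wp_usermeta and the permalink_structure option, and KNOWN_ADMINS is assumed to be a list you maintain yourself:

```python
import re

# Constructed sample rows modelled on WordPress's wp_users / wp_usermeta tables
# (not data from the original post). wp_capabilities holds a PHP-serialized array.
USERS = [
    {"ID": 1, "user_login": "admin", "display_name": "Site Owner"},
    {"ID": 2, "user_login": "lisa", "display_name": "Lisa"},
    {"ID": 3, "user_login": "reader42", "display_name": "Reader"},
    {"ID": 4, "user_login": "JesusWesson63", "display_name": ""},
]
USERMETA = [
    {"user_id": 1, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_id": 2, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_id": 3, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:10:"subscriber";b:1;}'},
    {"user_id": 4, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
]
# Assumption: the logins of the admins you actually know about.
KNOWN_ADMINS = {"admin", "lisa"}

ADMIN_CAP = re.compile(r'"administrator";b:1;')

def admin_ids(usermeta):
    """IDs of every user whose wp_capabilities grants the administrator role.
    len() of this set is the number the admin users page counts."""
    return {m["user_id"] for m in usermeta
            if m["meta_key"] == "wp_capabilities" and ADMIN_CAP.search(m["meta_value"])}

def unknown_admins(users, usermeta, known):
    """Admin accounts whose login you do not recognise, in ID order.
    An admin row with no matching wp_users row is reported too."""
    by_id = {u["ID"]: u for u in users}
    found = []
    for uid in sorted(admin_ids(usermeta)):
        row = by_id.get(uid)
        login = row["user_login"] if row else f"<no wp_users row for ID {uid}>"
        if login not in known:
            found.append(login)
    return found

# Assumption: a clean structure is only '/'-separated segments built from
# %tag% placeholders and plain path characters; anything else is suspect.
PERMALINK_OK = re.compile(r'^(/(%[a-z_]+%|[A-Za-z0-9_.-]+)+)*/?$')

def permalink_looks_clean(structure):
    """True when the permalink_structure option contains nothing unexpected."""
    return bool(PERMALINK_OK.match(structure))

if __name__ == "__main__":
    print("admin accounts:", len(admin_ids(USERMETA)), "known:", len(KNOWN_ADMINS))
    print("unrecognised admins:", unknown_admins(USERS, USERMETA, KNOWN_ADMINS))
```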
There’s more here, and no doubt plenty more will appear on WordPress itself and elsewhere online as this progresses over the next few hours.
Please let everyone know. Tweet them, and mail or text all your WordPress-using friends, especially if you think they only drop in on the internet at work during the week.
Many, many thanks to my uber-geek knitting collaborator Lisa @risager for her support and help this morning. I’m off to put on my combats and away to try and catch a trout.
Update:
There’s been an announcement from Matt Mullenweg at WP. It gives more detail on how this happened and urges everyone to upgrade. Please pass it on (or the URL of this post), make sure all your friends know to upgrade to 2.8.4, and offer help if you can.
Update #2
This morning I noticed a drop of about a third in the Feedburner count of people who read this blog via RSS. On checking the URL in the plugin settings, I found it had been changed. Do check all your settings via the various menus before you assume all is well again, and good luck.
4 Comments
I’m considering wordpress for a new blog, so the volume of posts on the subject of hacks is rather worrying, as is the apparent need for technical knowhow.
Yes indeed. WP.com is absolutely fine though, and tbh I wouldn’t hesitate to recommend it. It’s a far better system than its nearest rival. And the benefits of hosting your own (mostly all about how it looks) are pretty negligible now that most regular readers use RSS to read the pages anyway.
More importantly – a new blog?! Exciting. Can’t wait to see what you’re up to.
More of a long, dark journey so far, but it might get exciting once the first material is ready. I may just trial wp beforehand. Typepad ain’t bad, but it ain’t cheap either, so I’m considering the move.
Don’t know if you’re anti-spam filtered it but I had emailed you recently – it’d be good to visit you soon, see the gaff and say hello.
Let me know when you get it started.
Mailed me? Oh dear, sorry about that. Yes, it would be really good to show you No7. I’m sure there’s a direct train.
2 Trackbacks
[...] the fear and trembling over the many hacked blogs in version 2.7 a bit back, we were assured that the latest versions are pretty much secure. [...]