If you have a WordPress blog older than version 2.8.3, then it is at risk of being hacked. There has been a lot of buzz within the WordPress and blogging community over the past few days about the number of WordPress blogs hit by a hack that attacks the database.
I normally don’t jump on the next version of WordPress until I see what all the buzz is about and make sure it’s stable. As I stated in a previous post, Another Security Release WordPress 2.8.4, about the version 2.8.3 vulnerabilities, I can’t stress this enough. It seems that quite a few prominent WordPress blogs were hacked this past weekend. The hack takes the form of a worm that attacks the database; once a site is infected, an upgrade, which only overwrites the core files, will not remove the worm. The only way to remove the virus is to remove it from the infected database.
The signs of an infected WordPress site are a new, unauthorized administrator user account or strange additions to the trailing end of the permalinks. To check your WordPress blog, go to Users in the dashboard and make sure there aren’t any administrators you haven’t authorized. Then view a single post and check the permalink in the browser address bar.
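The same two checks can be run against rows exported from the database. This is an added example, not code from the original post: the sample rows, the `APPROVED_ADMINS` allowlist and the function names are constructed, and it assumes the default `wp_` table prefix and that any additions show up in the stored `permalink_structure` option.

```python
import re

# WordPress keeps roles in wp_usermeta under "<prefix>capabilities" as a
# PHP-serialized array, e.g. a:1:{s:13:"administrator";b:1;}
ADMIN_ROLE = re.compile(r's:13:"administrator";b:1;')
# Common structure tags WordPress defines for permalinks.
KNOWN_TAGS = {"%year%", "%monthnum%", "%day%", "%hour%", "%minute%",
              "%second%", "%postname%", "%post_id%", "%category%", "%author%"}

def find_unapproved_admins(users, usermeta, approved, prefix="wp_"):
    """Return logins that hold the administrator role but are not approved."""
    key = prefix + "capabilities"
    admin_ids = {m["user_id"] for m in usermeta
                 if m["meta_key"] == key and ADMIN_ROLE.search(m["meta_value"])}
    return sorted(u["user_login"] for u in users
                  if u["ID"] in admin_ids and u["user_login"] not in approved)

def permalink_structure_is_clean(structure):
    """True if only known tags and plain path characters are present."""
    # Drop recognised tags; anything else (unknown tags, stray symbols) stays.
    leftover = re.sub(r"%[a-z_]+%",
                      lambda m: "" if m.group(0) in KNOWN_TAGS else m.group(0),
                      structure)
    return re.fullmatch(r"[A-Za-z0-9/_.-]*", leftover) is not None

# Constructed sample rows (wp_users / wp_usermeta columns), not real data.
USERS = [
    {"ID": 1, "user_login": "admin"},
    {"ID": 2, "user_login": "guest_writer"},
    {"ID": 7, "user_login": "constructed_user99"},
]
USERMETA = [
    {"user_id": 1, "meta_key": "wp_capabilities",
     "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_id": 2, "meta_key": "wp_capabilities",
     "meta_value": 'a:1:{s:10:"subscriber";b:1;}'},
    {"user_id": 7, "meta_key": "wp_capabilities",
     "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
]
APPROVED_ADMINS = {"admin"}  # hypothetical allowlist of administrators you created
GOOD_STRUCTURE = "/%year%/%monthnum%/%postname%/"
BAD_STRUCTURE = "/%year%/%postname%/%&(constructed-junk)&%/"  # constructed

if __name__ == "__main__":
    print("unapproved admins:",
          find_unapproved_admins(USERS, USERMETA, APPROVED_ADMINS))
    for s in (GOOD_STRUCTURE, BAD_STRUCTURE):
        print(s, "->", "clean" if permalink_structure_is_clean(s) else "SUSPICIOUS")
```
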
If you have been hacked or want to learn more, Lorelle has a great post on her WordPress site here: Old WordPress Versions Under Attack