Skip navigation

Wordpress 2.8.4 Fixes A Big Security Hole

Time to upgrade your Wordpress sites. A vulnerability in versions prior to 2.8.4 could let the bad guys reset passwords. This particular problem might only be a nuisance since it doesn't necessarily let someone commandeer your user account.

But, there's a nasty worm infiltrating sites based on an older vulnerability in the code. So if you're running an older version of Wordpress - something prior to version 2.8.3 - then you might find your site has been taken over.

The worm takes advantage of a problem with the "permalink structure" (URL rewriting technology) used by Wordpress to infiltrate the system. It can then gain admin-level access to the blog and begin taking other actions, such as modifying post content, adding new comments, and so on.

Cleaning up after the worm isn't exactly simple in all cases either. It's much easier to keep the software up to date to avoid these kinds of problems.

You can get the latest Wordpress code at the site's download page.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.