A few words about the RISKS of WordPress 1.2, 1.5, 2.0 or anything less than 2.0.4

Summary

As the security risks in legacy versions of WordPress become more widely known, the hacking of sites that haven’t updated will become a more common event. Your site about pet rocks or the joys of train spotting may not be at the top of the attack lists, but you probably don’t want to loose everything you’ve ever written either.

Google searches can identify you as a vulnerable site and as simple defacements become boring, the deletion of posts and comments will become an east way to wrack up points on the hacker bragging lists and punish those “stupid enough” not to upgrade.

The danger of having your name on the “Vulnerable Sites” list will only increase.

The general WordPress user may not get a sense of urgency from the release announcements. So, this article will attempt to describe the danger in continuing to rely on old software and trusting it to keep your website safe.

Conclusion

I know… I know!

The conclusion is supposed to come at the end of the article. Yeah, but this message it too important to be at the end!

Here it is: If you are not running WordPress 2.0.5: upgrade today! Based on exploits already publish, available and used on the web, all of the work you’ve put into your blog could be lost.

Right now a large number of people have the knowledge to:
1. Erase any/all of your posts or comments.
2. Replace your admin password with one of their own choosing.
3. Replace files on your system including index.php.
4. Run commands against your database.
5. Grab any file with a known file name from your directory – even php files – even those with your database password.

In short, they have the ability to use your site to do whatever they want WITHOUT you having to click on anything. Now, most of these holes were closed with WordPress 2.0.3, but it still leaves some LARGE holes open even in 2.0.4. There is no reason not to upgrade to a more recent version right now.

If your convinced, great. Go out and download 2.0.5. If your not convinced, read on and these pages will hopefully scare the willies out of you and get you to upgrade!

5 Comments

Add a Comment

Your email address will not be published. Required fields are marked *