Written on March 3rd, 2007 at 08:03 am by Darren Rowse
WordPress 2.1.1 Users – Important Update
If you’re a WordPress user and are using version 2.1.1 it is crucial that you upgrade to the latest version (2.1.2) – particularly if you upgraded in the last 3-4 days. The reason is that a hacker compromised that version and added/changed code.
For further details see the WordPress Blog
PS: Thanks to the many people who emailed me about this. I did see it first on the WP blog before checking email this morning.



24 Responses to “WordPress 2.1.1 Users – Important Update”
Funky Gadget Guy
March 3rd, 2007 9:33 am
Aaaahhhh… security update… quick…. do it now!
Armen
March 3rd, 2007 10:19 am
I hate to hijack a post, but I have to ask on a blog that has ‘knowledgeable’ users.
What is the suggested and most commonly used time frame for the maximum visit length? You know, the amount of time that has elapsed since a visitor last visited a page on your website, before that visitor is then considered unique again.
I would have thought 24 hrs, but I’ve read suggestions that it should be around 6 hrs. What do you think? I’m wanting my ‘stats’ to be accurate.
P.S. I don’t mind if you delete this Darren, just as long as you send me an email with the answer. ;-)
Enrique
March 3rd, 2007 11:30 am
Does it compromise versions 2.1.1 AND LOWER, or simply 2.1.1?
Thanks,
Enrique
Saman
March 3rd, 2007 11:36 am
Did you all notice that Firefox’s Spell Check is working in Wordpress 2.1.2’s Rich Text Editor again?!
Laura
March 3rd, 2007 11:46 am
Enrique, it’s only 2.1.1.
Nick
March 3rd, 2007 12:51 pm
It compromises only 2.1.1. The article states that a hacker modified the download directly on wordpress.org in the last few days. Slightly older versions of 2.1.1 might not be affected, but it’s probably still a good idea to upgrade anyway. 2.1 and below do not have this problem. (Yay for being too lazy to upgrade!)
In short, to be safe, if you have 2.1.1, upgrade or you could be in for a very nasty surprise.
Steve
March 3rd, 2007 1:42 pm
Boy am I glad I didn’t rush to “upgrade” to 2.1.1.
Ashish Mohta
March 3rd, 2007 3:12 pm
It’s good they found it, but now everybody will have a doubt every time they upgrade. They have to come up with something strong.
Nocturnal
March 3rd, 2007 3:58 pm
Thanks. If I hadn’t seen your post I would have honestly never known.
Dan Mossop
March 3rd, 2007 5:56 pm
One thing everyone running a wordpress blog should do is subscribe to the wordpress development blog rss feed. That way, you get rapid notification of problems such as this, and you can reduce the time window during which your site is vulnerable. The feed is here:
http://wordpress.org/development/feed/
Dan Mossop
Website Security Services
You didn’t hear? Upgrade now! at Holy Shmoly!
March 3rd, 2007 9:36 pm
[...] On the off chance that you haven’t heard the news yet. You should upgrade your WordPress install straight away. Don’t hesitate, do it now. Don’t pause to grab a cup of coffee. If you’re just waking up then rub the sleep from your eyes and jump to the download page and grab WordPress 2.1.2. [...]
Razeen
March 3rd, 2007 10:41 pm
Thanks for your info, I have upgraded my WordPress.
“Does it compromise versions 2.1.1 AND LOWER, or simply 2.1.1?”
I think it is just the 2.1.1 version.
Enrique
March 4th, 2007 12:33 am
Thanks everybody for your replies. I have an older version.
The problem I face with wordpress is that I made so many changes in the files that it would be a lot of work to upgrade.
Impesud Technology / WordPress 2.1.1 Users - Important Update
March 4th, 2007 4:53 am
[...] Thanks to Probbloger [...]
one thing new » blog archive » Weekend Web Developer: My Wordpress plugins.
March 4th, 2007 7:27 am
[...] 03 March, 2007 Having just upgraded my Wordpress installation because of a security flaw discovered last week, I’ve got Wordpress on the brain. And, while I’m still relatively new to the platform, I thought it would be fun to share with you the Wordpress plugins I’ve found useful so far. [...]
ThemePress » Donncha: You didn’t hear? Upgrade now!
March 4th, 2007 5:00 pm
[...] On the off chance that you haven’t heard the news yet. You should upgrade your WordPress install straight away. Don’t hesitate, do it now. Don’t pause to grab a cup of coffee. If you’re just waking up then rub the sleep from your eyes and jump to the download page and grab WordPress 2.1.2. [...]
qianbloger
March 4th, 2007 8:18 pm
Thank you! I simply use my backup changing back to 6.11
David Precious
March 5th, 2007 3:51 am
“Does it compromise versions 2.1.1 AND LOWER, or simply 2.1.1?”
As already stated, it’s only 2.1.1 and only if downloaded in about the last week – but if you have 2.1.1 you should probably upgrade anyway to be safe, regardless of when you downloaded it.
I think it should be highlighted that the WordPress team have dealt with this in an open, professional and responsible manner. I’m sure they’ll take great care to ensure that this cannot happen again.
There’s upgrade instructions on the WordPress site at http://codex.wordpress.org/Upgrading_WordPress and I’ve also documented the steps I took on my blog at http://blog.preshweb.co.uk/?id=15
WordPress 2.1.2 Important Upgrade! If You Didn’t » D’ Technology Weblog — Technology, Blogging, Gadgets, Fashion, Life Style.
March 5th, 2007 10:19 pm
[...] Sure, most of you must have already upgraded, if not, and you haven’t heard the news yet. You should upgrade your WordPress 2.1.1 install right away. Don’t delay further, just download WordPress 2.1.2, and head over to upgradation. Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately. [...]
Jim Sefton
March 9th, 2007 10:32 pm
I just want to add that if you are on a cpanel server and use WP through Fantastico they have updated to 2.1.2, however their version of 2.1.1 was not compromised anyway.
Experiences On Upgrading To WordPress 2.1.2 at AppMan
March 12th, 2007 2:13 am
[...] Last week I read from Problogger.net that there’s a severe security issue with the WordPress 2.1.1 installation. A hacker had altered the WP source code, so it was important to make this upgrade. Thanks to the WP crew, there’s a really good guide for upgrading to WP 2.1.2. I thought about writing the instructions here, but the guide is so good and rich in detail, so there was no sense writing it all over again. But I wanted to share my thoughts on this upgrade and also add info about the tools that helped me. First, the time wasted on this upgrade must be massive. It took me 30-45 min to make the upgrade in addition to read the upgrade guide, so in total it took roughly 1 hour. Now think about those millions of WP users, that had to make this 1 hour effort… MILLIONS OF HOURS just because one individual had to show off his black hat skills. I hope you break your hand or something equally painful… I thank you for teaching me patience. [...]
al-fallujah
March 12th, 2007 4:20 am
Thanks
propaganda press - gunnin’ for freedom! » WordPress 2.1.1 Users - Important Update
March 12th, 2007 4:22 am
[...] If you’re a WordPress user and are using version 2.1.1 it is crucial that you upgrade to the latest version (2.1.2) – particularly if you upgraded in the last 3-4 days. The reason is that there has been a hacker compromise that version and add/change code. March 11, 2007 · Wordpress · [...]
sremington » I Think I Took Enough Time Off
March 16th, 2007 11:54 am
[...] It is amazing the things you miss online after being gone a few weeks. 3 weeks in cyber world is like 3 months in real life. I missed the whole Wordpress 2.1.1 hacking scare. Good thing I was only running 2.0.5. [...]