Comments on: WordPress 2.1.1 Users – Important Update

By: sremington » I Think I Took Enough Time Off

sremington » I Think I Took Enough Time Off — Fri, 16 Mar 2007 01:54:47 +0000

[...] It is amazing the things you miss online after being gone a few weeks. 3 weeks in cyber world is like 3 months in real life. I missed the whole Wordpress 2.1.1 hacking scare. Good thing I was only running 2.0.5. [...]

By: propaganda press - gunnin’ for freedom! » WordPress 2.1.1 Users - Important Update

Sun, 11 Mar 2007 18:22:48 +0000

[...] If you’re a WordPress user and are using version 2.1.1 it is crucial that you upgrade to the latest version (2.1.2) – particularly if you upgraded in the last 3-4 days. The reason is that there has been a hacker compromise that version and add/change code. March 11, 2007 · Wordpress · .adHeadline {font: bold 8.5pt Arial; text-decoration: underline; color: #0000FF;float: right;} .adText {font: normal 9.5pt Arial; text-decoration: none; color: #000000;float: right;} [...]

By: al-fallujah

al-fallujah — Sun, 11 Mar 2007 18:20:39 +0000

gracias

By: Experiences On Upgrading To WordPress 2.1.2 at AppMan

Experiences On Upgrading To WordPress 2.1.2 at AppMan — Sun, 11 Mar 2007 16:13:28 +0000

[...] Last week I read from Problogger.net that there’s a severe security issue with the WordPress 2.1.1 installation. A hacker had altered the WP source code, so it was important to make this upgrade. Thanks to the WP crew, there’s a really good guide for upgrading to WP 2.1.2. I thought about writing the instructions here, but the guide is so good and rich in detail, so there was no sense writing it all over again. But I wanted to share my thoughts on this upgrade and also add info about the tools that helped me. First, the time wasted on this upgrade must be massive. It took me 30-45 min to make the upgrade in addition to read the upgrade guide, so in total it took roughly 1 hour. Now think about those millions of WP users, that had to make this 1 hour effort… MILLIONS OF HOURS just because one individual had to show off his black hat skills. I hope you break your hand or something equally painful… I thank you for teaching me patience. [...]

By: Jim Sefton

Jim Sefton — Fri, 09 Mar 2007 12:32:48 +0000

I just want to add that if you are on a cpanel server and use WP through Fantastico they have updated to 2.1.2, however their version of 2.1.1 was not compromised anyway.

By: WordPress 2.1.2 Important Upgrade! If You Didn’t » D’ Technology Weblog — Technology, Blogging, Gadgets, Fashion, Life Style.

Mon, 05 Mar 2007 12:19:17 +0000

[...] Sure, most of you must have already upgraded, if not, and you haven’t heard the news yet. You should upgrade your WordPress 2.1.1 install right away. Don’t delay further, just download WordPress 2.1.2, and head over to updgradation. Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately. [...]

By: David Precious

David Precious — Sun, 04 Mar 2007 17:51:07 +0000

“Does it compromise versions 2.1.1 AND LOWER, or simply 2.1.1?”

As already stated, it’s only 2.1.1 and only if downloaded in about the last week – but if you have 2.1.1 you should probably upgrade anyway to be safe, regardless of when you downloaded it.

I think it should be highlighted that the WordPress team have dealt with this in an open, professional and responsible manner. I’m sure they’ll take great care to ensure that this cannot happen again.

There’s upgrade instructions on the WordPress site at http://codex.wordpress.org/Upgrading_WordPress and I’ve also documented the steps I took on my blog at http://blog.preshweb.co.uk/?id=15

By: qianbloger

qianbloger — Sun, 04 Mar 2007 10:18:56 +0000

Thank you! I simply use my backup changing back to 6.11

By: ThemePress » Donncha: You didn’t hear? Upgrade now!

ThemePress » Donncha: You didn’t hear? Upgrade now! — Sun, 04 Mar 2007 07:00:58 +0000

[...] On the off chance that you haven’t heard the news yet. You should upgrade your WordPress install straight away. Don’t hesitate, do it now. Don’t pause to grab a cup of coffee. If you’re just waking up then rub the sleep from your eyes and jump to the download page and grab WordPress 2.1.2. [...]

By: one thing new » blog archive » Weekend Web Developer: My Wordpress plugins.

Sat, 03 Mar 2007 21:27:35 +0000

[...] 03 March, 2007 Having just upgraded my Wordpress installation because of a security flaw discovered last week, I’ve got Wordpress on the brain. And, while I’m still relatively new to the platform, I thought it would be fun to share with you the Wordpress plugins I’ve found useful so far. [...]

By: Impesud Technology / WordPress 2.1.1 Users - Important Update

Impesud Technology / WordPress 2.1.1 Users - Important Update — Sat, 03 Mar 2007 18:53:29 +0000

[...] Thanks to Probbloger [...]

By: Enrique

Enrique — Sat, 03 Mar 2007 14:33:25 +0000

Thanks everybody for your replies. I have an older version.
The problem I face with wordpress is that I made so many changes in the files that it would be a lot of work to upgrade.

By: Razeen

Razeen — Sat, 03 Mar 2007 12:41:06 +0000

Thanks for your info, i have been upgraded my wordpress.

“Does it compromise versions 2.1.1 AND LOWER, or simply 2.1.1?”

I think it just 2.1.1 version.

By: You didn’t hear? Upgrade now! at Holy Shmoly!

You didn’t hear? Upgrade now! at Holy Shmoly! — Sat, 03 Mar 2007 11:36:46 +0000

By: Dan Mossop

Dan Mossop — Sat, 03 Mar 2007 07:56:24 +0000

One thing everyone running a wordpress blog should do is subscribe to the wordpress development blog rss feed. That way, you get rapid notification of problems such as this, and you can reduce the time window during which your site is vulnerable. The feed is here:

http://wordpress.org/development/feed/

Dan Mossop
Website Security Services

By: Nocturnal

Nocturnal — Sat, 03 Mar 2007 05:58:07 +0000

Thanks. If I hadn’t seen your post I would have honestly never known.

By: Ashish Mohta

Ashish Mohta — Sat, 03 Mar 2007 05:12:16 +0000

Its good they found but now everbody will have a doubt everytime they upgrade.They have to come up with something strong

By: Steve

Steve — Sat, 03 Mar 2007 03:42:26 +0000

Boy am I glad I didn’t rush to “upgrade” to 2.1.1.

By: Nick

Nick — Sat, 03 Mar 2007 02:51:47 +0000

It compromises only 2.1.1. The article states that a hacker modified the download directly on wordpress.org in the last few days. Slightly older versions of 2.1.1 might not be affected, but it’s probably still a good idea to upgrade anyway. 2.1 and below do not have this problem. (Yay for being too lazy to upgrade!)

In short, to be safe, if you have 2.1.1, upgrade or you could be in for a very nasty surprise.

By: Laura

Laura — Sat, 03 Mar 2007 01:46:42 +0000

Enrique, it’s only 2.1.1.