2 March 2007 7 Comments

EMERGENCY: WordPress 2.1.1 Hacked, Upgrade Released

Please, please, please go and upgrade your blogs right now if you are using WordPress 2.1.1. As Matt outlines, a hacker managed to gain access to the Automattic server that hosts the file downloads and modified core files. The entire 2.1.1 version has been declared compromised and unsafe. Please heed this warning and go download 2.1.2 right now.

Update: Please direct all questions regarding this breach to 21securityfaq@wordpress.org.

That is all.

7 Responses to “EMERGENCY: WordPress 2.1.1 Hacked, Upgrade Released”

  1. Cathy Perkins 2 March 2007 at 6:17 pm #

    Thank you – Thank you.

    While I generally keep up with stuff from WordPress, I have been in the middle of several projects including a new WP install for a client! This definitely includes that install since it was done yesterday. I’ve already downloaded the upgrade and am getting ready to install it.

    Thank you again for this post.

  2. Jason 2 March 2007 at 6:18 pm #

    How about just the 2.1 version? Is it safe? My host doesn’t have the latest versions available for download yet.

  3. Aaron Brazell 2 March 2007 at 6:36 pm #

    Well, 2.1 is better than 2.1.1. I’d still prefer it if you installed 2.1.2 as there were other fixes from 2.1 to 2.1.1.

  4. Jonic 2 March 2007 at 10:26 pm #

    Cheers Aaron… It might have taken me a few days to notice that if you hadn’t brought it to my attention…

    I should really get MU going for my 100yen blogs; it would save a lot of hassle with this upgrading business…

  5. CIO Jerry 4 March 2007 at 11:58 am #

    I’d appreciate more details to verify whether 2.1.1 is a compromised version or not. Such details (and regular release notes) are somewhat lacking for wordpress.org releases, in my opinion.

  6. Cathy Perkins 4 March 2007 at 12:03 pm #

    Here is a link to the WordPress Development blog to verify the version: http://wordpress.org/development/2007/03/upgrade-212/

  7. Aaron Brazell 4 March 2007 at 12:21 pm #

    The entire 2.1.1 version has been declared unsafe. Therefore, you should assume your version is compromised if you run 2.1.1. The details are publicly accessible on the blog of the security guy who reported the issue. WordPress is not going to report the details as that would endorse the roadmap to exploit. That would be stupid. :)