Comments on: EMERGENCY: WordPress 2.1.1 Hacked, Upgrade Released

By: Aaron Brazell

Aaron Brazell — Sun, 04 Mar 2007 17:21:59 +0000

The entire 2.1.1 version has been declared unsafe. Therefore, you should assume your version is compromised if you run 2.1.1. The details are publically accessible on the blog of the security guy who reported the issue. WordPress is not going to report the details as that would endorse the roadmap to exploit. That would be stupid. :)

By: Cathy Perkins

Cathy Perkins — Sun, 04 Mar 2007 17:03:10 +0000

Here is a link to the WordPress Development blog to verify the version: http://wordpress.org/development/2007/03/upgrade-212/

By: CIO Jerry

CIO Jerry — Sun, 04 Mar 2007 16:58:15 +0000

I’d appreciate more details to verify the 2.1.1 is a compromised version or not. Such details (and regular release notes) are somewhat lacking for wordpress.org releases, in my opinion.

By: Jonic

Jonic — Sat, 03 Mar 2007 03:26:58 +0000

Cheers Aaron… It might have taken me a few days to have noticed that if you hadn’t have brought it to my attention…

I should really get MU going for my 100yen blogs; It would save a lot of hassle with this upgrading business…

By: Aaron Brazell

Aaron Brazell — Fri, 02 Mar 2007 23:36:43 +0000

Well, 2.1 is better than 2.1.1. I’d still prefer it if you installed 2.1.2 as there were other fixes from 2.1 to 2.1.1.

By: Jason

Jason — Fri, 02 Mar 2007 23:18:08 +0000

How about just the 2.1 version? Is it safe? My host doesn’t have the latest versions available for download yet.

By: Cathy Perkins

Cathy Perkins — Fri, 02 Mar 2007 23:17:41 +0000

Thank you – Thank you.

While I generally keep up with stuff from WordPress, I have been in the middle of several projects including a new WP install for a client! This definitely includes that install since it was done yesterday. I’ve already downloaded the upgrade and am getting ready to install it.

Thank you again for this post.