A worm affecting older versions of WordPress has been getting lots attention in recent days.  The worm takes advantage of a security flaw that allows it to register a new user, grant itself administrator privileges and wreak havoc with your permalink structure.

The good news is that, if you are running one of the two most recent releases of Wordpress (2.8.4 is the most current), your site is not susceptible to this problem.  As such, there is no specific patch for this vulnerability other than to upgrade to the most current release.

The WordPress Blog has additional details on this worm, as well as an FAQ if you believe your site has been affected.

WordPress 2.8.3 was released yesterday to provide a fix for a security related issue that existed in version 2.8.1.  The announcement in the WordPress Blog was short and to the point, indicating that privilege escalation issues were addressed in this release.  Because this release is security related, WordPress highly recommends that users upgrade.

The latest release can be found here.

If your WordPress blog requires users to log in, I’m sure you are already aware of the WordPress branded login and registration pages used. While it may be frustrating to bloggers and website owners, it can be downright confusing to your visitors.  Unless your site is technical in nature, your typical user has probably never heard of WordPress and may think they’re logging into a site other than yours when they see the WordPress logo.

Read the rest of this entry »