Security problems in Wordpress open-source blogging platform 2.1.1 upgrade now

[Ryan56]

Users who have downloaded the 2.1.1 version of the open-source blogging platform WordPress should upgrade all files to 2.1.2 immediately, since they could include a security bug injected by a cracker who gained user-level access to one of the servers that powers wordpress.org, according to a release posted on WordPress' site on Friday. WordPress received a note on the project's security mailing address Friday morning regarding "highly exploitable code," the release said. After investigating the issue, the WordPress developers found that the 2.1.1 download had been modified from its original site. The Web site was taken down immediately for further forensic analysis.

"It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file," the release continued. "We have locked down that server for further forensics." At this point it looks like the 2.1.1 download was the only thing affected by the attack. The attacker(s) modified two files to include code that would allow for the remote PHP execution. "This is the kind of thing you pray never happens, but it did and now we're dealing with it as best we can," the release continues. Not all downloads of 2.1.1 were affected, but WordPress declared the entire version dangerous. Several WordPress developers worked through the night to release a new version, 2.1.2, that includes minor updates and entirely verified files.

[joseph0829]

i really want to update my current version of wordpress, v2.3.2, with its new release,v2.3.3, but i have doubts when updating it, because im afraid of loosing my posts though I know it was stored on my database but, i really dont know the whole process

[snoop1990]

Quote:

Originally Posted by joseph0829

because im afraid of loosing my posts though I know it was stored on my database but, i really dont know the whole process

Then just backup your hole blog ! I am not sure if there is any script available to do so, but in general you just have to compress all the files in your wordpress folder. (you can do that by using the cpanel file manager) Then store all your files to your computer or any other backup drive.

Also save all your database entries using the phpadmin located in cpanel (cpanel/databases) and save the databases to an file.

Then check your backup if everything works and then upgrade, this is the secure way for all of you who do not want to risk any thing. But in general an wordpress upgrade do not touch the database, it only might cause some incompatibility with custom made layouts.

For more information just contact the wordpress support center, because I am not that familiar with wordpress.

Regrades Snoop1990