WordPress Dangerous – Upgrade

WordPress dangerous – upgrade immediately!!

I hate running into messages like this after I am home and settled down for an hour of relaxing reading before heading off to bed. By chance, I was scanning the web2.ohh blog and encountered an urgent message to WordPress users. Supposedly, a cracker gained access to the WordPress servers and inserted malicious code in the upgrade available for download. I think I upgraded before the date this exploit supposedly was added, but it was not worth taking the risk. So, it was back to the office to install the upgrade. I must stay on the good side of the security people.

I must admit I have wondered about this before. Wouldn’t joining an open source project and inserting malicious code in a component offer a relatively easy way to insert access opportunities in many servers? I suppose the open source community examines contributions carefully. This was not the reported cause of the WordPress problem because scripts in a couple of WordPress modules were modified after being approved for distribution. As I understand the danger, the modules would allow PHP code to be submitted remotely in a form that would be run by the server. In contrast, if I would enter PHP commands as I enter the text for this blog, the PHP commands should not be interpreted.

echo “hi”;

The night watchman always says the same thing – “Working late Dr. Grabe?”
