WordPress dangerous – upgrade immediately!!<\/p>\n
I hate running into messages like this after I am home and settled down for an hour of relaxing reading before heading off to bed. By chance, I was scanning the web2.ohh<\/a> blog and encountered an urgent message to WordPress users. Supposedly, a cracker gained access to the WordPress servers and inserted malicious code in the upgrade available for download. I think I upgraded before the date this exploit supposedly was added, but it was not worth taking the risk. So, it was back to the office to install the upgrade. I must stay on the good side of the security people.<\/p>\n I must admit I have wondered about this before. Wouldn’t joining an open source project and inserting malicious code in a component offer a relatively easy way to insert access opportunities in many servers? I suppose the open source community examines contributions carefully. This was not the reported cause of the WordPress problem because scripts in a couple of WordPress modules were modified after being approved for distribution. As I understand the danger, the modules would allow PHP code to be submitted remotely in a form that would be run by the server. In contrast, if I would enter PHP commands as I enter the text for this blog, the PHP commands should not be interpeted.<\/p>\n echo “hi”;<\/p>\n The night watchman always says the same thing – “Working late Dr. Grabe?”<\/p>\n