I got an email from an internet marketing buddy of mine, with the subject line “Have you been hacked?”
After opening the email I learned that is very successful web site had been hacked by using a back door found in his wordpress installation. If you are using a version of wordpress earlier then 2.8.6 they you maybe vulnerable to attack.
Here’s what is posted on http://wordpress.org
WordPress 2.8.4: Security Release
Posted August 12, 2009 by Matt. Filed under Releases, Security.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.
WordPress 2.8.6 Security Release
Posted November 12, 2009 by Ryan Boren. Filed under Releases, Security.
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
Get WordPress 2.8.6.
If you have ever tried to upgrade your wordpress before, you know it’s pretty difficult.
I found a plugin that upgrades your wordpress automatically (Automatic Worpress Upgrade Plugin)
Once installed all you have to do is click on upgrade. Then it takes you through five or six screens of questions (you simply click on continue to the next page). The plugin downloads and installs the new version of wordpress, as well as backs up and updates your SQL database.
Tags: affiliate marketing, how to install wordpress blog, wordpress 2.8.6
I read the information posted on this blog and I am concerned about what i read. I am not only new to affiliate marketing but also to the huge world of the internet. I would like to recieve some more information about this topic to ensure that I am protected from an attack of this sort. Thank you.
Thank you for this valuable information. All this is new to me. A matter-of- fact most thanks are new to me. However, I will take your advice when it come to “WordPress”.
Again, thank you!
Thank you for this valuable information. All this is new to me. A matter-of- fact most thanks are new to me about the internet. However, I will take your advice when it come to “WordPress”.
Again, thank you!
it is good that we as marketers have you to look out for us i think that in so many ways ,people just take the time to damage others goog int.
people like that have know way of fixng proble with electronics i will be in lots of trouble
I think, to be a good affiliate marketer is the hardest thing to do as a blogger, you must have huge traffic to get the possible buyer and also you have to build your own audience, because honestly i’ve never made a single sale with my first blog
I usually don’t post in Blogs but your blog forced me to, amazing work.. beautiful …