Now that is not a title you want to see when you first log into your blog after work. Especially when you only upgraded to WordPress 2.1.1 a few days ago.
From the WordPress Blog
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
I actually felt better after I read that. See, I may have only upgraded to WP 2.1.1 about 4 days ago but I downloaded the upgrade the day it came out 10 days ago. So I should have a clean upgrade. I also only upgraded those files listed as being changed instead of messing with the entire upgrade.
If you are running WordPress 2.1.1 this is what is recommended
If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.
Since I’m confident that the download I had was clean I’m not going to spend tonight fretting about it. To be on the safe side, though, I will take this step over the weekend.
If you need to upgrade to WP 2.1.2 you can download the upgrade here.
jan says:
Makes my little tiny infrequent frustrations with Typepad seem petty.
3/2/2007, 9:07 pmjayne d'Arcy says:
I upgraded just two days ago, but through Fantastico, so I’m hoping that particular download was not affected.
3/2/2007, 9:10 pmLaura says:
jan, This is the first time this has happened so I’m not upset about it. I’ve used Typepad and WP and I find WP to be much more user friendly over all.
jayne d’Arcy, I think you should be okay. If I understood the post correctly Fantastico updates were fine.
Joefish says:
wordpress.org definitely got pwned on this one.
3/3/2007, 11:18 pm