A Stitch In Time
If you’re using a self-hosted blog running WordPress and you haven’t upgraded for a while I would highly recommend upgrading. From the official WordPress blog (by Matt):
A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later.
The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.
All software has bugs. It’s inevitable. Developers can’t possibly write perfect code – the longer a program is the more bugs there are in it. WordPress is a large application and the developers are fixing bugs all the time, but new ones appear with every new feature and no amount of PHP pesticide will ever stamp them completely out.
Where there are bugs there are ways for people to exploit an application, and there have been some nasty exploits around recently.
Matt is right in his post – get your installation upgraded as soon as practical after a new release so that these sorts of exploits can be kept to a minimum