Here is what you need to know right now.
UPDATE NOW! Like immediately if not sooner.
Reports are that this attack impacts ALL versions of WordPress up to 2.8.4, which is the most recent release.
What Version Am I Using? If you are using a WordPress version after 2.7, at the top of the admin page you’ll see the little prompt to upgrade. Like this –
WordPress 2.8.4 is available! Please update now.
If your site has been upgraded you’ll see the version listed here…
The WordPress Community is Vigilant:
WordPress is incredibly secure and monitored constantly by experts in web security. This attack was picked up quickly and response was swift – WordPress 2.8.4 is secure. If necessary, WordPress will immediately release a update with further security improvements. WordPress is used by governments, huge corporations, and me, around the world. Millions of bloggers are using WordPress.com. Have faith they are working overtime to monitor this situation and protect your website and blog.
All Smarter Websites Clients Sites Have Been Upgraded So Don’t Panic!
If there are any other security issues we’ll update you.
How Do I Know If My Site Has Already Been Attacked?
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, the website extensions in your browser address bar will be bizarre – something like www.yourdomain.com/andarangeofbizarreletters/numbersandcharacters
The second clue is that another “Administrator” has been created. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
If you want to read up on this go to the main WordPress Site.
But – For All the Smarter Websites Clients – Your Sites Have All Been Upgraded So Just Keep On Blogging!