WordPress 2.1.1 dangerous, Upgrade to 2.1.2

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

This is the kind of thing you pray never happens, but it did and now we're dealing with it as best we can. Although not all downloads of 2.1.1 were affected, we're declaring the entire version dangerous and have released a new version 2.1.2 that includes minor updates and entirely verified files. We're also taking lots of measures to ensure something like this can't happen again, not the least of which is minutely external verification of the download package so we'll know instantly if something goes wrong for any reason.

Finally, we reset passwords for a number of users with SVN and other access, so you may need to reset your password on the forums before you can log in again.

What You Can Do to Help

If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check your friends' blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.
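A full overwrite fixes the problem, but many administrators first want to know whether their installed copy was one of the tampered downloads. The script below is an added example (not code from WordPress.org) that hashes an installed tree and a clean reference copy of the release and reports files that differ, are missing, or are not in the reference. The directory layout, file names and file contents it builds under a temporary directory are constructed for the demonstration; in real use you would point `compare_trees` at your web root and at a freshly unpacked, verified 2.1.2 archive.

```python
"""
Compare an installed WordPress tree against a clean reference copy.

Added example; not part of the WordPress.org advisory or code base.
All sample files created by demo() are constructed for illustration.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path, chunk=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root, ignore=("wp-config.php",)):
    """Map each relative POSIX path under root to its digest.

    Site-specific files (wp-config.php by default) are skipped because they
    legitimately differ from the reference release.
    """
    root = Path(root)
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if any(rel == i or rel.startswith(i) for i in ignore):
                continue
            digests[rel] = sha256_of(p)
    return digests


def compare_trees(installed, reference, ignore=("wp-config.php",)):
    """Report modified, missing and unexpected files relative to the reference."""
    inst = hash_tree(installed, ignore)
    ref = hash_tree(reference, ignore)
    return {
        "modified": sorted(f for f in ref if f in inst and inst[f] != ref[f]),
        "missing": sorted(f for f in ref if f not in inst),
        "extra": sorted(f for f in inst if f not in ref),
    }


def _write(root, rel, text):
    """Create a small text file at root/rel, making parent directories."""
    p = Path(root) / rel
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_text(text)


def demo():
    """Build a constructed reference and installed tree and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = Path(tmp) / "clean-2.1.2"   # constructed reference copy
        site = Path(tmp) / "site"         # constructed installed copy
        clean = {
            "wp-includes/feed.php": "<?php // constructed clean feed.php\n",
            "wp-includes/theme.php": "<?php // constructed clean theme.php\n",
            "readme.html": "<html>constructed readme</html>\n",
        }
        for rel, body in clean.items():
            _write(ref, rel, body)
            _write(site, rel, body)
        # Constructed differences: one file altered, one removed, one added.
        _write(site, "wp-includes/feed.php",
               clean["wp-includes/feed.php"] + "// constructed extra line\n")
        (site / "readme.html").unlink()
        _write(site, "wp-includes/unknown.php", "<?php // constructed unexpected file\n")
        # wp-config.php differs between the two trees but is ignored.
        _write(ref, "wp-config.php", "<?php // reference\n")
        _write(site, "wp-config.php", "<?php // site-specific\n")
        return compare_trees(site, ref)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Anything listed under "modified" or "extra" inside wp-includes deserves a look before the overwrite, and a copy of the tree should be preserved for forensics if you find something. Files that differ only because they are site-specific (configuration, uploads, your own themes) should be added to the `ignore` list rather than treated as findings.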

If you are a web host or network administrator, block access to "theme.php" and "feed.php", and any query string with "ix=" or "iz=" in it. If you're a customer at a web host, you may want to send them a note to let them know about this release and the above information.
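The same indicators also tell a host whether the altered files were already being probed. The script below is an added example (not code from WordPress.org or the advisory) that applies the three indicators above to Apache combined-format access-log lines. The log lines in `SAMPLE_LOG` are constructed; the `strict` option is an assumption of this example, not part of the advisory: the advisory's literal rule flags any query string containing "ix=" or "iz=", which also catches unrelated parameters such as "mix=", so the strict mode matches only parameters actually named ix or iz.

```python
"""
Scan access-log lines for the indicators named in the advisory:
requests for theme.php or feed.php, or query strings containing ix= / iz=.

Added example; not part of the WordPress.org advisory. The log lines below
are constructed for illustration.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Apache combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

BLOCKED_FILES = ("theme.php", "feed.php")   # from the advisory
BLOCKED_PARAMS = ("ix", "iz")               # from the advisory

# Constructed sample lines; addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
203.0.113.5 - - [03/Mar/2007:10:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Mar/2007:10:12:07 +0000] "GET /wp-includes/theme.php?ix=1 HTTP/1.1" 200 812 "-" "curl/7.15"
198.51.100.7 - - [03/Mar/2007:10:13:44 +0000] "GET /wp-includes/feed.php?iz=1 HTTP/1.1" 200 33 "-" "curl/7.15"
198.51.100.2 - - [03/Mar/2007:10:14:00 +0000] "GET /feed/?mix=1 HTTP/1.1" 200 33 "-" "Mozilla/5.0"
this line is not in log format and is skipped
"""


def indicators(target, strict=False):
    """Return the list of advisory indicators present in a request target.

    strict=False: literal rule from the advisory (substring "ix=" / "iz=").
    strict=True:  only parameters whose name is exactly ix or iz (assumption).
    """
    parts = urlsplit(target)
    hits = []
    filename = parts.path.rsplit("/", 1)[-1].lower()
    if filename in BLOCKED_FILES:
        hits.append(f"path:{filename}")
    if strict:
        names = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        hits.extend(f"param:{p}=" for p in BLOCKED_PARAMS if p in names)
    else:
        query = parts.query.lower()
        hits.extend(f"query:{p}=" for p in BLOCKED_PARAMS if p + "=" in query)
    return hits


def scan_log(text, strict=False):
    """Yield (ip, timestamp, target, indicators) for each flagged line."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore it
        hits = indicators(m["target"], strict)
        if hits:
            findings.append((m["ip"], m["ts"], m["target"], hits))
    return findings


if __name__ == "__main__":
    for mode in (False, True):
        print(f"strict={mode}")
        for ip, ts, target, hits in scan_log(SAMPLE_LOG, strict=mode):
            print(f"  {ip} {ts} {target} -> {', '.join(hits)}")
```

Run against real logs, a hit on theme.php or feed.php with an ix= or iz= parameter is the strongest signal; the strict mode is the one to use once the initial block is in place and you want a low-noise list of hosts to investigate.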

Thanks to Ryan, Barry, Donncha, Mark, Michael, and Dougal for working through the night to identify and address this problem, and thanks to Ivan Fratric for reporting it in the first place.

Questions and Answers

Because of the highly unusual nature of this event and release, we've set up an email address 21securityfaq@wordpress.org that you can email questions to, and we'll be updating this entry with more information throughout the day.

Is version 2.0 affected?

No downloads were altered except 2.1.1, so if you've downloaded any version of 2.0 you should be fine.

What if we update from SVN?

Nothing in the Subversion repository was touched, so if you upgrade and maintain your blog via SVN there is no chance you downloaded the corrupted release file.
