WordPress Vulnerability in Version 2.8.3 or Older Allows the Creation of Hidden Admin Accounts

If you are a WordPress user running version 2.8.3 or older, then you simply CANNOT ignore this. Malware and Spam may soon bombard your system if you do not update immediately. A worm, which has been discovered by WordPress, has already been fixed in the version 2.8.4 security release.

A newly discovered WordPress security exploit or worm has the ability to take full control of a website running WordPress by making itself an administrator account. The vulnerability allows an attacker to start posting malware and spam to the website while also being able to disable any anti-spyware plug-ins. The new administrator user can be very difficult to detect as it uses Javascript to work undetected.

WordPress is the most widely used blogging software available. With thousands of users, WordPress is essential that webmasters and bloggers be notified of this issue and update to the latest release of WordPress immediately.

If you have been affected by the recent WordPress vulnerability, you will notice two clues which indicate your WordPress site has been infiltrated. There will be odd additions to the permalinks and the second clue will be that the virus or "hidden administrator" created a "back door". It is important to check your site for users named "Administrator 2" or other suspicious names.

For this problem, Journey Etc. has a possible solution and if you want to prevent your site from being targeted you will need to get the upgrade. To upgrade WordPress in one simple click, you should look at the InstantUpgrade plugin.

Ultimately, using the latest version or WordPress will help you stay secure from these viruses in the future but it is also important to ensure that your password can not easily be figured out. To ensure that you are using a strong password, you should visit "How Strong Is Your Password" and discover if your password is one that can be easily compromised.

Also follow @wordpress on Twitter to stay informed about the latest WordPress upgrades.

Do you blog and use WordPress as your choice of blogging software? If so, what version are you running? Do you use a "strong" password for your administrative login?