Is your WordPress blog food for worms?

Is your WordPress blog running on the latest version of the self-hosted blog software? If not your blog could quickly become food for worms - well, one worm in particular that is doing the rounds of out-of-date, unpatched WordPress blogs.

This worm exploits a security bug that allows evaluated code to be executed through the permalink structure, makes itself an admin user, then uses JavaScript to hide itself so you can't see it if you look at the users page - it also attempts to clean up after itself and finally inserts hidden spam and malware into your old posts.

The danger of a worm like this is that your website could be banned from Google for hosting malware or being used for spamming.

The cure is a simple one, thankfully, just make sure you are running the latest version of WordPress, 2.8.4

In fact, the security vulnerability was fixed in the previous release, so you can get away with running 2.8.3. But upgrading WordPress has been made simpler over the versions and now it really is a "one-click fix".

As a hosting company we promote this type of news as we believe this simple upgrading is part of being a good 'virtual' neighbour to other users on shared web servers. If you allow your blog to be breached by this worm and be banned from Google, then other customers who share your web server (and its IP address) could also find their websites removed from Google's index - guilt by association!

So please take a few seconds to check that your WordPress blog software is 2.8.3 or higher - and hope that your virtual neighbours are doing the same!