Wordpress.org Warns of Active Worm Hacking Blogs

Erik writes "Wordpress, the popular open-source Content Management System (CMS) for many thousands of bloggers worldwide, is under attack from a 'clever' worm that automatically compromises unpatched versions of the Wordpress system. The particularly nasty bug crawls the web for vulnerable Wordpress installations, installing malware, deleting content, and generally wreaking havoc wherever it can. Today, Wordpress founder Matt Mullenweg eloquently implored Wordpress bloggers to update more frequently. Originally, updating the Wordpress system was a rather laborious process; however, newer versions offer fast and simple one-click upgrades. The two most recent versions of Wordpress (2.8.3 and 2.8.4) cannot be attacked by the worm discovered this week, and blogs hosted at Wordpress.com are also apparently immune."

Instead of a passionate plea to the users...

[lennier]

... how about he makes a passionate plea to the PROGRAMMERS to say 'Guys, let's STOP PUTTING SECURITY HOLES IN OUR SOFTWARE?'

Just a thought.

It shouldn't be any user's problem to need to 'upgrade or get hacked'. If you're writing web software that's hackable, you're the one doing it wrong., not your users.