Take it from somebody who lost at least one whole blog entirely from the consequences of not upgrading WordPress: upgrading or patching your installation is essential. So read this from Ian Kallen.
Also what he added by IM yesterday:
| What’s happening is: spammers are taking over blogs, posting link farm links on them, obscuring their human visibility with CSS tricks but the links are still visible to crawlers… |
| All wordpress users that haven’t patched or upgraded to v2.3.3 are vulnerable. |
| Wordpress does not auto-update security fixes. |
| …Any help you can provide getting the word out would be a mitzvah |
I added the last link.
17 comments
March 28, 2008 at 2:54 pm
Pingback from Boring Site Note: Just Upgraded to WordPress 2.3.3
March 29, 2008 at 8:13 pm
Pingback from Wordpress 2.5 har släppts i skarp version! | KATTKORGEN
March 30, 2008 at 8:48 am
Pingback from Hello Mary Lu » Blog Archive » Technology News: Change is Never Easy
March 31, 2008 at 7:59 pm
Pingback from Life is grand » Blog Archive » Hacked
March 28, 2008 at 3:15 pm
PXLated
That’s one reason I stay away from Wordpress, too many security problems and updating is a royal pain if you use a lot of plugins, etc.
See here - http://secunia.com/search/?search=Wordpress&w=0
March 28, 2008 at 4:33 pm
Derek K. Miller
Note that if you don’t want to do the whole upgrade rigamarole and want to fix the problem fast, you can download and replace only the xmlrpc.php file. I’ve done it on several WP blogs and none have been compromised:
http://wordpress.org/development/2008/02/wordpress-233/
March 28, 2008 at 6:15 pm
dave
You will really love 2.5 when it’s ready, though you can likely upgrade to the RC now…admin totally improved, security enhanced further.
March 29, 2008 at 4:13 am
rob friedman
With the new WordPress 2.5 RC’s there is a new automatic plugin upgrade feature, making plugin upgrades simple.
The only hard part is upgrading the WordPress itself, but even that is trivial if you use the subversion method.
When 2.5 goes final it should be interesting.
March 29, 2008 at 9:44 am
Doug
There is also the auto upgrade plugin which makes life easy, http://wordpress.org/extend/plugins/wordpress-automatic-upgrade/
March 29, 2008 at 10:40 pm
REBLogGirl
I have to agree with PXLated. WP is just too insecure. Matt and his crew just write bad code and bad code leads to one thing… security issues. I’m sure there are still security holes in the new version as well, having seen enough of their code in the past. Remember, this is the same guy that thinks PHP5 is BAD and IRRELEVANT.
March 30, 2008 at 3:10 am
AZ of Mattress Toppers
I upgraded to the latest version just a week ago.
Thanks for the info
March 30, 2008 at 7:44 pm
Doc Searls
REBLogGirl, are Matt & crew the only ones writing Wordpress? Last I looked it was an open source project.
March 31, 2008 at 4:11 am
kyle
I’m confused. Does this apply to wordpress blogs installed on a separate domain, or hosted on wordpress.com, or both? Thanks.
March 31, 2008 at 12:41 pm
Ron of Somali Web Design
Kyle, this only applies to Wordpress blogs installed on separate domains.
FYI, an all new version of Wordpress 2.5 has been released containing many new features.
April 2, 2008 at 10:45 pm
Christopher Myers
Thanks for the clarification between separate domains and wordpress.com hosted.
May 2, 2008 at 11:50 pm
robin Sing
I have been afraid to upgrade but after reading this I guess it’s really nothing to worry about.
May 2, 2008 at 11:51 pm
Barry Cunningham
I understand that it is open source and I also understand REBloggirl’s point, ..but can’t there be a concerted effort to close the bad links in the chain?