Secure Wordpress with the first Wordpress Worm

Posted by Martin in Tools  Tags: , , ,

2

Aug


Did you know that the latest version of Wordpress contains at least seven security vulnerabilities that could compromise your blog ? If you use Wordpress you should make sure that to fix them as soon as possible. The easiest way to fix them right now is to use the first Wordpress worm - which is a good one - to fix all seven vulnerabilities for you.

The process requires some faith that the xss worm is really fixing the vulnerabilities but the application itself is easy. About the faith: I have not read negative reviews so far and the worm has been released two days ago which should be enough time for some experts to complain about it.

If you want to secure your blog you simply write a comment on your own blog while you are logged in as the administrator linking to http://mybeni.rootzilla.de/mybeNi/ ; Click on that link from your admin panel afterwards which will lead to the site.

The first page explains what will be done and only if you actively click on “Secure my Blog” the vulnerability scan will be started. It will check three Wordpress files for the vulnerabilities and offer to fix them if the vulnerability is found.

The vulnerabilities can only be fixed if the files are writable so make sure they are. An alternative would be to copy the code that will be inserted and add it manually in the files. The complete code of the file is shown and the addition is highlighted.

I suggest to run the worm a second time to make sure that your blog is safe and that the fixes have been applied.


Related Posts

7 Users Commented In This Post

Subscribe To This Post Comment Rss Or TrackBack URL
MyAvatars 0.2
Ryan Wagner says, August 2nd, 2007   

I’m surprised WordPress doesn’t put out a plug-in that can fix these issues in one click.

MyAvatars 0.2
Tris Hussey says, August 2nd, 2007   

Hey Martin I e-mailed this over to one of my friends who is a core WP developer (as in he can commit code to WP core … he’s that good) … he suggests NOT using this patch/worm. There will be an update soon to fix the most serious of the flaws, and you can get it now via the WP SVN repository.
http://svn.automattic.com/wordpress/branches/2.2/

Well meaning, I know, but maybe the best thing is for people to submit fixes to WP.org instead.

MyAvatars 0.2
Martin says, August 2nd, 2007   

Tris I think the author mentioned that he submitted the vulnerabilities to Wordpress and that most of them will be fixed in the next update.

Relying on files that are officially published by Wordpress is of course always better than a third party fix.. well, most of the time.

Did he mention which vulnerabilities they do not fix ?

MyAvatars 0.2
Wordpress Worm that fixes Wordpress | The Sh17 says, August 2nd, 2007   

[...] a worm since it doesn’t really spread automatically and on its own, but anyway. I saw this on gHacks and thought it was [...]

MyAvatars 0.2
Tris Hussey says, August 3rd, 2007   
MyAvatars 0.2
Alter Falter! says, August 3rd, 2007   

Trusting a worm to “fix” my Wordpress? Well, maybe later. After sueing myself for downloading illegal stuff from the internet.

:)

MyAvatars 0.2
Security Upgrade to WordPress Released–and easy must upgrade | A View from the Isle says, August 5th, 2007   

[...] this week gHacks announced a “benevolent” WP fixing worm which Mark Jaquith responded to and let us know that an update to fix the problems was [...]

Leave Your Comments Below
Hello, please leave your thought below

Please Note: Comments may need to approved by admin. so there's no need to resubmit your comments.