Comments on: Secure Wordpress with the first Wordpress Worm

By: Security Upgrade to WordPress Released–and easy must upgrade | A View from the Isle

Sun, 05 Aug 2007 16:52:03 +0000

[...] this week gHacks announced a “benevolent” WP fixing worm which Mark Jaquith responded to and let us know that an update to fix the problems was [...]

By: Alter Falter!

Alter Falter! — Fri, 03 Aug 2007 08:38:38 +0000

Trusting a worm to “fix” my Wordpress? Well, maybe later. After sueing myself for downloading illegal stuff from the internet.

By: Tris Hussey

Tris Hussey — Fri, 03 Aug 2007 01:49:55 +0000

Here is Mark’s post about it …

http://markjaquith.wordpress.com/2007/08/02/wordpress-worm/

By: Wordpress Worm that fixes Wordpress | The Sh17

Wordpress Worm that fixes Wordpress | The Sh17 — Thu, 02 Aug 2007 19:19:09 +0000

[...] a worm since it doesn’t really spread automatically and on its own, but anyway. I saw this on gHacks and thought it was [...]

By: Martin

Martin — Thu, 02 Aug 2007 17:40:59 +0000

Tris I think the author mentioned that he submitted the vulnerabilities to Wordpress and that most of them will be fixed in the next update.

Relying on files that are officially published by Wordpress is of course always better than a third party fix.. well, most of the time.

Did he mention which vulnerabilities they do not fix ?

By: Tris Hussey

Tris Hussey — Thu, 02 Aug 2007 17:32:59 +0000

Hey Martin I e-mailed this over to one of my friends who is a core WP developer (as in he can commit code to WP core … he’s that good) … he suggests NOT using this patch/worm. There will be an update soon to fix the most serious of the flaws, and you can get it now via the WP SVN repository.
http://svn.automattic.com/wordpress/branches/2.2/

Well meaning, I know, but maybe the best thing is for people to submit fixes to WP.org instead.

By: Ryan Wagner

Ryan Wagner — Thu, 02 Aug 2007 17:31:47 +0000

I’m surprised WordPress doesn’t put out a plug-in that can fix these issues in one click.