Did you know that the latest version of WordPress contains at least seven security vulnerabilities that could compromise your blog? If you use WordPress you should make sure that to fix them as soon as possible. The easiest way to fix them right now is to use the first WordPress worm - a good one - as it fixes all seven vulnerabilities on affected websites.
The process requires faith that the xss worm is really fixing the vulnerabilities but the use is actually very easy. About faith: I have not read negative reviews so far and the worm has been released two days ago which should be enough time for some experts to complain about it.
If you want to secure your blog you simply write a comment on your own blog while you are logged in as the administrator linking to http://mybeni.rootzilla.de/mybeNi/ ; Click on that link from your admin panel afterwards which will lead to the site.
The first page explains what will be done and only if you actively click on "Secure my Blog" the vulnerability scan will be started. It will check three WordPress files for the vulnerabilities and offer to fix them if the vulnerability is found.
The vulnerabilities can only be fixed if the files are writable so make sure they are. An alternative would be to copy the code that will be inserted and add it manually in the files. The complete code of the file is shown and the addition is highlighted.
I suggest to run the worm a second time to make sure that your blog is safe and that the fixes have been applied.
Update: It is no longer necessary to do so as WordPress has resolved all the vulnerabilities in newer versions. There are however a couple of things you can do to protect your WordPress blog. Among the options are to enable two-factor authentication which protects accounts with a second layer of protection.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.