WordPress has experienced a major security vulnerability, with a worm making its way around the 'Net, attacking earlier versions of WordPress. Fortunately, because of the hard work of the WordPress open source community, the current (2.8.4) and most recent (2.8.3) versions are immune. Yet as with any piece of software, some users haven't upgraded. In the case of WordPress (which we use at the TLF), upgrading can be difficult for sites that rely on plug-ins that aren't always updated quickly when a new version of WordPress is released.
While my heart goes out to my fellow WordPress bloggers who may have experienced an attack, I'm just glad that, for once, the message isn't that somehow we need the government to protect us all from cyber-catastrophes, but, instead, a little good-old-fashioned digital self-help! From the WordPress Blog:
WordPress is a community of hundreds of people that read the code every day, audit it, update it, and care enough about keeping your blog safe that we do things like release updates weeks apart from each other even though it makes us look bad, because updating is going to keep your blog safe from the bad guys. I'm not clairvoyant and I can't predict what schemes spammers, hackers, crackers, and tricksters will come up with in the future to harm your blog, but I do know for certain that as long as WordPress is around we'll do everything in our power to make sure the software is safe. We've already made upgrading core and plugins a one-click procedure. If we find something broken, we'll release a fix. Please upgrade, it's the only way we can help each other.