Wordpress hit by online attacks

Peter Moore looks at the news that WordPress has become the latest victim of online hackers.

————————————

This weekend WordPress, one of the most popular open source blogging platforms, revealed that old versions of its software had been attacked by a potentially dangerous worm.

A statement released on WordPress’ official blog noted that:

“Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.”

The appearance of the worm alarmed a worldwide network of WordPress users, which includes millions of bloggers as well as organisations such as eBay, the Daily Telegraph and Downing Street.

This latest attack suggests that WordPress has become a victim of its own success. WordPress blogging software is free to download, while its infrastructure has been built by a global network of coders, making it an easy and obvious target for determined hackers.

To counter the growing threat posed by these hackers, WordPress includes vital security updates in each of its new versions, which appear continuously throughout the year.

Each of these updates helps to shut security holes, but as the code is open source (freely available to be viewed and developed) hackers can easily access it, study it and use this knowledge to target weak areas of coding with dangerous worms.

Writing in the Guardian, Charles Arthur speculated:

“Some people are already comparing it to Windows: such a big target that any attack is bound to hit some big fish, and plenty of little ones. And how many people have enough control or interest in their blog to go to the trouble of cleaning up? Windows botnets tell you what the situation is like on Windows. Spam comments tell you how things are in terms of cleaning up comments. And what about cleaning up the hacked content of your blog?”

This latest attack is being considered a vital moment in the emergence of WordPress as an important ‘building block’ of the web. Over the weekend, hackers have proven that the WordPress infrastructure is still dangerously fragile, and the question remains: could this be a fatal flaw in the open source plan?

A list of ‘Things You Need to Know’ about this latest WordPress attack has been published on Lorelle’s WordPress blog.

————————————

Image credit: For Ever Young
