Webloggers be warned: Wordpress v2.1.1 is compromised!
Monday 05 March 2007 at 09:38 amA recent emergency bulletin from Matt of the Wordpress weblogging software project is highly distressing to say the least: someone cracked one of the project's servers and inserted a pair of backdoors into v2.1.1, which make it possible for a malicious user to remotely execute aribitrary code on the server hosting a Wordpress blog.
What I want to know is this: Why wasn't the Wordpress project at the very least posting hashes of the distribution archives, or PGP/GPG signing the archives and posting detached signatures for the files? Looking at the Wordpress download page shows a pair of buttons for downloading .zip and .tar.gz archives of WP v2.1.2, but nothing that will verify the authenticity and/or integrity of the archives.
Fight Spam! Click Here!
Trackback link:
Please enable javascript to generate a trackback url