Performancing Metrics

A Subtle Reminder to Upgrade Your Blog Software

Donncha gives WordPress users a reminder to upgrade our WordPress blogs in light of possible security risks. Donncha know you have to upgrade WP!? Okay, bad pun. At any rate, this is in view of the well-publicized attacks last April, which have probably left a lot of WordPress-powered blogs still vulnerable. I myself found that a good number of my personal blogs had been affected, with passwords saved on my root folder in clear text, extra admin-level users in the database, and some theme files modified.

Donncha recaps the possible symptoms of this particular hack (and possibly others, too), which include:

  • Hidden code
  • Hidden admin-level users, visible only in database tables
  • Blog and database passwords, saved as clear-text files
  • Code disguised as JPG files
  • Bots trying to break in (can be checked via the logs)

And the steps recommended to mitigate or at least minimize the risks are to:

  • Upgrade your blog software to the latest version
  • Check your database for unknown or malicious insertions or entries
  • Check your web folder and subdirectories for malicious files
  • Check your theme files (and perhaps even core blog software files) for insertions
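
One way to carry out the web-folder check for the "code disguised as JPG files" symptom, as an added example that is not from the original post or from Donncha. It assumes disguised code shows up as an image-named file whose header is not a real image header or that contains a PHP open tag; the sample files under `wp-content/uploads` are constructed for the demo.

```python
import os
import tempfile

# Magic bytes a genuine image of each type starts with.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def check_image(path):
    """Return the reasons a file looks like code disguised as an image."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    if not data.startswith(IMAGE_MAGIC[ext]):
        reasons.append("header does not match extension")
    if b"<?php" in data.lower():  # PHP open tags are case-insensitive
        reasons.append("contains PHP open tag")
    return reasons

def scan_web_root(root):
    """Walk root and return {relative_path: reasons} for suspicious images."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in IMAGE_MAGIC:
                full = os.path.join(dirpath, name)
                reasons = check_image(full)
                if reasons:
                    findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Build a constructed sample upload tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        up = os.path.join(root, "wp-content", "uploads")
        os.makedirs(up)
        samples = {  # constructed sample files, not real artifacts
            "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
            "fake.jpg": b"<?php /* constructed placeholder */ ?>",
            "mixed.jpg": b"\xff\xd8\xff\xe0JFIF" + b"<?php /* placeholder */ ?>",
        }
        for name, body in samples.items():
            with open(os.path.join(up, name), "wb") as fh:
                fh.write(body)
        return scan_web_root(root)
```

Point `scan_web_root` at a copy of the blog's web folder; a hit is a file to inspect by hand, not proof of compromise.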

To the untrained eye, most of these steps might not be too easy, but if you’ve been working on blogs for some time now, it won’t be too difficult to spot these problems. For me, perhaps the best way to mitigate the risks is by doing a full export of blog content and comments, backing up media files and plugins, wiping the entire hosting account clear, doing a fresh blog software install, and importing the content. The plugins and media files should then be added back, making sure you only put in the necessary plugins (i.e., don’t upload plugins that you won’t activate anyway), and media files that you have verified to be clean.

Categories: Blogging Tips



  1. Michael says: 6/11/2008

    It’s amazing to me that people don’t keep their blogging software up to date, I know that it is a little stressful to do an upgrade but man is it worth it.


  2. Gustavo Leig says: 6/11/2008

    When you say Export, you mean a mysqldump export?
    Importing means a MySQL import?


  3. J. Angelo Racoma says: 6/12/2008

    Gustavo, WordPress, for instance, has a built in export/import function, which you can use to export posts and comments from one blog and import to another (or to the same blog, with a fresh install). That’s an XML dump.


  4. Gustavo Leig says: 6/12/2008

    Thank you Angelo,

    I knew that but I just got confused between the two methods you were mentioning. Do you believe that export/import through the WordPress admin has any advantage over doing it with the mysqldump method?
    thx again…


  5. 5001 says: 6/12/2008

    We know that updating is important, but is the MySQL method more advantageous than this?


  6. Jeffro2pt0 says: 6/13/2008

    Good sound advice. Generally, I keep my plugins and WordPress install up to date. It’s not really that hard of a process to update a WordPress installation. Hopefully, 2.6 brings us automatic core upgrade functionality.

