Older WordPress version under a big security threat

Andre

We’re hearing of numerous reports that older versions of WordPress are exposed to security threats. WordPress is one of the largest blogging engines with over 5,317,360 - and counting - downloads for their latest version, 2.8. Many large blogs, including TechCrunch, rely on WordPress to get the news out and post content online.

Writes Lorelle on her WordPress-centric blog:
There are two clues that your WordPress site has been attacked:
First, there are strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.

To prevent this attack, if you have not done so already, update your WordPress install immediately to the latest version. Change all your passwords to a strong password (cough), including WordPress blog access for all users, database, FTP, control panels, etc. These are all highly recommended procedures.
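The two clues from the quoted advisory, written as checks. This is an added example, not part of the original thread or of WordPress itself. The permalink strings and the (login, role) user list are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Keywords named in the quoted advisory: "eval" and "base64_decode".
SUSPICIOUS = re.compile(r"\b(eval|base64_decode)\s*\(", re.IGNORECASE)

def decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly so %7B or %257B style nesting is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)  # malformed escapes such as "%&" are left as-is
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_permalinks(permalinks):
    """Return permalinks whose decoded form calls eval( or base64_decode(."""
    return [p for p in permalinks if SUSPICIOUS.search(decode_fully(p))]

def unknown_admins(users, known_admins):
    """users: iterable of (login, role). Return admin logins you do not recognize."""
    known = {name.lower() for name in known_admins}
    return sorted(login for login, role in users
                  if role.lower() == "administrator" and login.lower() not in known)

# Constructed sample data (assumption: exported from the site by the owner).
SAMPLE_PERMALINKS = [
    "example.com/category/post-title/",
    "example.com/category/post-title/%&(%7B$%7Beval(base64_decode"
    "($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
    "example.com/2009/09/medieval-history/",  # contains "eval" as a substring only
]
SAMPLE_USERS = [
    ("site_owner", "administrator"),
    ("Administrator (2)", "administrator"),
    ("guest_writer", "editor"),
]

if __name__ == "__main__":
    for link in suspicious_permalinks(SAMPLE_PERMALINKS):
        print("suspicious permalink:", link)
    for login in unknown_admins(SAMPLE_USERS, {"site_owner"}):
        print("unrecognized administrator:", login)
```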
 
Again? There were many big security threats in this/last month.
A more secure blog system is Serendipity. I don't say it's better, but I know that it's more secure. Moving from WordPress to s9y isn't worth it. But for the people who are planning a new blog I would recommend s9y.
 