I’m the first to admit that I can be a bit lazy when it comes to minor upgrades on packages. In fact, sometimes I intentionally wait, as new “features” often mean new bugs, and I prefer to see those bugs all shook out before I update my projects. But security updates, now that’s another story.
Which is why I freaked out a little when I received this message in my Facebook stream. Then I followed through to some of hte other posts on the subject and realized that this was the self-same bug that had been identified Auguest 12 and patched with Wordpress version 2.8.4.
We Mad Scientists are a competitive bunch. We don’t like other Mad Scientists hacking into our stuff and messing with it, so as a rule, we apply security patches as soon as we are aware of them! If you or your agency is a maintained client of Mad Science Department, you probably have little to worry about. If you do see a “security upgrade” warning in your admin panel, it’s probably a good idea to let us know, but nine times out of ten, we’re already upgrading all the installations we maintain.
This kind of attack brings up other issues as well. It’s important to make sure that you are backing up your databases and file system regularly, so that you don’t lose too much in the event of a successful attack. Your host may even provide tools to automate this on a cPanel. If you are a user (not a developer) handling your own Wordpress installation, be vigilant and make sure you update as needed! Those warnings and messages in the backend are there for a reason! If you have a developer helping you, they’ll know the difference between feature updates (nice to have, but sometimes buggy) and critical security updates. Don’t be afraid to ask how necessary a given update is!