I've been acting on the assumption that WordPress 2.3.3 was a "safe" release. I certainly hadn't spotted any hacked blogs using 2.3.3 but poking around, I find these reports of compromised 2.3.3 blogs:
WTF? I'm going to continue assuming that 2.3.3 is secure and there was something else going on in those cases -- I'm expecting the WordPress developers to weigh in with a definitive statement on this (hello, anybody home?). Now, according to Blog Herald, the safe versions are 2.5, 2.3.3, 2.1.3, and 2.0.11 -- if that's the case, I'll incorporate that into another update to Technorati's crawler (though to date, 2.1.3 and 2.0.11 have so far been statistically insignificant). Folks need to keep getting the word out: friends don't let friends run vulnerable installations of WordPress. In the meantime, here's the latest snapshot of the trailing 90 days of WordPress updates handled by Technorati:
Version | Count (in thousands) | Change |
---|---|---|
2.3.3 | 238 | -2 |
2.3.1 | 152 | -1 |
2.3.2 | 144 | +2 |
2.5 | 93 | +7 |
2.2.2 | 76 | +1 |
2.2.3 | 70 | +3 |
2.0.1 | 59 | 0 |
2.1.2 | 36 | -1 |
2.2.1 | 35 | 0 |
2.2 | 30 | -2 |
( Apr 09 2008, 11:40:45 PM PDT )