What's That Noise?! [Ian Kallen's Weblog]

All | LAMP | Music | Java | Ruby | The Agilist | Musings | Commute | Ball
« Stature In The Blogo... | Main | Trustworthy Blogging »

20080409 Wednesday April 09, 2008

WordPress Pandemic Chronicles - 2008-04-09

I've been acting on the assumption that WordPress 2.3.3 was a "safe" release. I certainly hadn't spotted any hacked blogs using 2.3.3 but poking around, I find these reports of compromised 2.3.3 blogs:

WTF? I'm going to continue assuming that 2.3.3 is secure and there was something else going on in those cases -- I'm expecting the WordPress developers to weigh in with a definitive statement on this (hello, anybody home?). Now, according to Blog Herald, the safe versions are 2.5, 2.3.3, 2.1.3, and 2.0.11 -- if that's the case, I'll incorporate that into another update to Technorati's crawler (though to date, 2.1.3 and 2.0.11 have so far been statistically insignificant).

Folks need to keep getting the word out: friends don't let friends run vulnerable installations of WordPress. In the meantime, here's latest snapshot of the trailing 90 days of WordPress updates handled by Technorati:

VersionCount (in thousands)Change
2.3.3238-2
2.3.1152-1
2.3.2144+2
2.593+7
2.2.276+1
2.2.370+3
2.0.1590
2.1.236-1
2.2.1350
2.230-2
It's encouraging to see the numbers for 2.5 going up strongly: 7000 more WordPress 2.5 blogs updated since yesterday's trailing 90 days. Seems like the small flaps for the other versions are a wash.

         

( Apr 09 2008, 11:40:45 PM PDT ) Permalink


Comments:

Post a Comment:

Comments are closed for this entry.