Some sneaky hacker got into the WordPress download server and placed a backdoor in the latest available version (2.1.1).
Luckily within a day someone reported the exploit to the WordPress team and they took the site down to investigate.
This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.
If you downloaded 2.1.1 as soon as it came out it should be ok, but a few days after that the compromised version was available.
Do install 2.1.2 and upgrade ASAP just to be safe.
If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.
If you are a web host or network administrator, block access to “theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in it. If you’re a customer at a web host, you may want to send them a note to let them know about this release and the above information.
I’m thankful that the WordPress team has dealt with this situation so efficiently and professionally and it just gives me more faith in their team.
Good job WordPress!
Do make sure you let anyone using 2.1.1 know about this so they can upgrade ASAP.
This is just another lesson on why it’s important to check the md5 sum of files before using them..