The source code of the latest version of WordPress, the popular open-source blogging software, has been backdoored by malicious hackers, it has emerged.
WordPress creator Automattic Inc said that sometime last week a cracker broke into one of the organization’s servers and added a back door to version 2.1.1 of the PHP package.
Anybody who had downloaded and installed 2.1.1 over the space of three to four days would have added the back door to their own blog site.
“This is the kind of thing you pray never happens, but it did and now we’re dealing with it as best we can,” wrote Matthew Mullenweg on the official WordPress blog.
“If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately,” he said.