If you are running an older version of WP version 2.8.3 or before you need to upgrade immediately. You risk having to re-install WordPress, this is a pretty major attack. If you host your blog at wordpress.com you are ok. This attack is reportedly growing by the hour.
Update: Matt at WordPress and some remarks from Robert Scoble on how bad this Worm that is attacking older WordPress installs is!
Crux of this story here is you better have backups of your sites at all times!
Tonight I was working on a website I have not touched in years. I decided to install WordPress on it and went looking for a new theme. Being the Theme directory at WordPress is useless in actually finding a topical theme I went to Search Google for WordPress Themes to see what other sites are out there.
I found a website with really nice themes that were free. Normally I have paid for each of my themes but I found a great one on the website. I downloaded it, and installed it in taking a close look at the page at the very bottom of the page I was shocked to see three linked url’s led to sites that I would never link to ever!. Here is what it looked like at the bottom of the browser window, believe me you do not want this on your website.
Loading the theme editor and looking at the code in the Footer I found that the author had encrypted php at the bottom of the page. Needless to say alarm bells went off big time and I deleted the theme from the site.
Do not and I repeat do not download WordPress themes from wordpressthemesbase.com they are running a link farm scam in all of the themes I downloaded that will cause you a lot of harm when Google indexes your page.
You may get a free Theme but you will be pretty disappointed when your page rank goes to zero!
Under the category of what was someone thinking!
When I read this morning that since the introduction of WordPress version 2.8 that WordPress only Pings sites once and hour I just could not believe. Can you imagine having the hottest news story of the year and when you publish your post that WordPress can wait as much as an hour before it pings the variety of sites telling them you have new content to be indexed.
This change was introduced obviously by someone that does not have a clue on how the real world web works these days. So a word of warning if you have published a couple of articles in a row and have a big scoop to publish you better post the scoop first so that it pings the quickest or hope someone comes out with a simple patch.
Note: PowerPress users do not need to worry we ping iTunes separately so this bug does not affect the updating of your show on iTunes.