Dear WordPress users: The sky is not falling. Yes, there’s a worm in the wild that is attacking older versions of WordPress. This is not a new scenario. It’s what malicious software crackers do: they write code that exploits vulnerabilities. It happens to operating systems, it happens to web browsers, and yes, it happens to blog software.
The way to avoid being attacked is to keep WordPress up to date. With current versions of WordPress, that’s literally a two-click process. If that’s too difficult, then you need to either use the hosted WordPress.com system (where Automattic will keep the entire infrastructure up to date), or hire a system administrator to spend a few minutes keeping your software in shape.
Matt Mullenweg gives his perspective on how to keep WordPress secure.
Yes, it sucks if your blog gets attacked. It wasn’t your fault. But much like the car owner who leaves doors unlocked and is then burglarized, there are things to do to protect oneself and minimize the risk. The best protection against a WordPress security issue is to keep one’s blog up to date.