We live in a fast-changing world. For the past few weeks, I had neglected to upgrade to the latest version of WordPress, and this suddenly came back to bite me in the behind.
I was wondering why suddenly, after all these years when I no longer require commenters to sign up first as a user, I suddenly had 3 new users. What tipped me off was the third one, who named himself ‘Free P…rn’. Finally, I did what I should have done in the first place: I really read why the upgrade to 2.3.3 was necessary. In short, “a user can change blog posts of other users via an xml-rpc attack”. Ouch. So that was why I had 3 new users so suddenly.
So I’ve upgraded to the latest version of WordPress, deleted those 3 users, and am going to do some spot checks on my posts and comments to see if any have changed.
That’ll teach me to be complacent in this always-online, web-based world. Nowadays every spam-wannabe-king has a script that scours the internet for potential vulnerabilities, and you just can’t upgrade whenever you feel like it.