If you are running a version of WordPress older than 2.8.4, you are vulnerable to an attack.
The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of WordPress, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. Lorelle writes:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
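A minimal way to check for both clues, added here as an illustration (it is not from Lorelle's article or from this post): the script flags access-log requests whose decoded URL contains both keywords, and lists administrator accounts you did not create. The log format, the sample lines, the account names and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# Keywords named in the warning; a URL is flagged only if both appear.
KEYWORDS = ("eval", "base64_decode")
# Request line of a common/combined-format access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(url, max_rounds=3):
    """Percent-decode repeatedly so double-encoded keywords are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def is_suspicious(url):
    """True when the decoded URL contains every keyword (case-insensitive)."""
    text = fully_decode(url).lower()
    return all(k in text for k in KEYWORDS)

def suspicious_requests(log_lines):
    """Return (line_number, decoded_path) for each flagged access-log line."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_suspicious(m.group(1)):
            hits.append((n, fully_decode(m.group(1))))
    return hits

def unrecognized_admins(users, known_admins):
    """users: (login, role) pairs; return administrator logins not in known_admins."""
    known = {k.lower() for k in known_admins}
    return [u for u, role in users if role == "administrator" and u.lower() not in known]

# Constructed sample data, not from a real site. Line 2 carries the permalink
# pattern quoted above; line 4 is a double-encoded variant (an assumption).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Sep/2009:10:12:01 +0000] "GET /category/post-title/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Sep/2009:10:12:07 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 5120',
    '203.0.113.5 - - [05/Sep/2009:10:13:44 +0000] "GET /2009/09/how-to-evaluate-plugins/ HTTP/1.1" 200 7310',
    '203.0.113.9 - - [05/Sep/2009:10:14:02 +0000] "GET /category/x/%257Beval(base64%255Fdecode(1))%257D HTTP/1.1" 404 312',
]
SAMPLE_USERS = [("siteowner", "administrator"), ("guest1", "subscriber"), ("wpsupport2", "administrator")]

if __name__ == "__main__":
    for n, path in suspicious_requests(SAMPLE_LOG):
        print(f"log line {n}: {path}")
    print("unrecognized admins:", unrecognized_admins(SAMPLE_USERS, ["siteowner"]))
```

The user list should come from the database rather than the admin screen, since the extra account is described as hidden.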
Please upgrade, for God's sake. I don't want to see my readers or listeners get their sites hacked.
Also, please download the WP-Security plugin from the WordPress.org site and make sure that all scans are GREEN.
How do I know what version of WordPress I am using?
The version number is shown at the bottom right of every WP admin page.
How do I upgrade WordPress?
If you are using 2.8 or later, it's easy: go to Tools > Upgrade and update your WordPress install from there.
If you are on 2.8 or older, you will have to download the latest version of WP from WordPress.org.
My WordPress site did get hacked!
All I can say is go to this site, which explains what to do:
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

Written by Ben Straw
Topics: Blog, Software