WordPress Security Vulnerability

Some period of time after WordPress 2.1.1 was released, one or more of the WordPress servers was breached and the attacker edited the PHP source of a handful of files within the 2.1.1 download files.

The WordPress crew were fast to react to the news and have released a statement, which states that they have boycotted the release of WordPress 2.1.1 as they don’t know exactly when the attacker breached their servers.

The WordPress development team have also released WordPress 2.1.2 which is recommended as a mandatory upgrade if you previously upgraded to WordPress 2.1.1 within the last week or so. I would expect that in the coming weeks, we’ll see some new security initiatives from the WordPress team to try and reduce the chances of this happening again in the future.