WordPress is one among the largest blogging engines. For the most advanced edition, 2.8, over 5,317,360 and counting downloads are there. Numerous reports say that older versions of WordPress are facing security threats. Many large blogs rely on WordPress to collect and to post the news online. Famous blogger Lorelle says that there are two clues to find out if your WordPress sites are attacked or not.
The first one is that there will be curious additions to permalinks. For example, .com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. ‘base64_decode’ and ‘eval’ are the keywords.  The second one is that a the ‘hidden’ Administrator could create a ‘back door’. We can find out the hidden administrator by checking the site for ‘Administrator (2).’ A name which you could not identify also indicates that the site has been attacked. To prevent this attack, update your WordPress site to the latest version immediately. Set all your passwords to a strong new password. Make sure that we include access for all users, database, control panels, FTP etc. All these are highly recommended procedures.

WordPress’ parent company, ‘Automattic’  has not commented on this issue so far. We are keeping everyone updated. In the meantime, we urge you should immediately update your WordPress blog. The founder of WordPress, Matt Mullenweg mentioned that Automattic is not the parent company of WordPress. Like many other companies do, Automattic just contributes to WordPress.org. Mullenweg also published a blog post explaining what steps people should take in order to ensure that their WordPress blog is safe.