There’s a worm on the loose and it’s attacking blogs and websites powered by Wordpress.

If you are using Wordpress, make sure that you are using the latest version. According to some Wordpress developers, this is the only way to secure your site.

Older Wordpress verions have security holes that are being actively exploited by hackers to inject spam links. You either Upgrade or Die. Not really, but your site may drop-off the search engine radar.

Matt Mullenweg (main developer of Wordpress) , wrote “The only thing that I can promise will keep your blog secure today and in the future is upgrading.”

Clues That Your Site Has Been Attacked :

1. Strange additions to the pretty permalink such as /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. Check Journeyetc.com on how to fix this.
2. A new “admin” user has been added.  Try to check your site users for “Administrator (2)”.This admin uses a javascript to hide itself. You can not even see his “presence” on your dashboard’s users page.