Wordpress/Debian woes

Today I had problems with my Wordpress installation on my Debian server again. Somehow, somebody managed to get access to my Wordpress install and disable all the plugins, especially the Akismet plugin. Immediately, I got swamped with spam. I suspect that the Wordpress package in Debian stable is not really well maintained and vulnerable, so I upgraded to Wordpress 2.5 by backporting the unstable package. This was a very smooth process.

This is how it should work:

# Add unstable as a source-only repository; binary packages still come from stable
echo "deb-src http://ftp.de.debian.org/debian unstable main" >> /etc/apt/sources.list
apt-get update
# Build and install libphp-phpmailer from the unstable source first
apt-get build-dep libphp-phpmailer
apt-get source -b libphp-phpmailer
dpkg -i libphp-phpmailer_1.73-6_all.deb
# Then build wordpress from the unstable source and install the resulting .deb
apt-get build-dep wordpress
apt-get source -b wordpress
dpkg -i wordpress_2.5.0-1_all.deb

Following that, I went to the wp-admin page, performed the DB upgrade and everything was fine. Very smooth. (I did a mysqldump before though, just to be sure.)

3 Responses to “Wordpress/Debian woes”

  1. Vladimir Sizikov Says:

    Hi,

    The older versions of WordPress have a huge security hole, and many folks have been affected (myself included).

    For more info: http://blog.emptyway.com/2008/03/30/wordpress-25-and-security/

  2. Thadeu Penna Says:

    Vladimir,

    Sometimes, the version number does not say anything in Debian. The 2.0.10 version in Etch has security fixes updated to 09 Feb 2008, according to the changelog. The incident with this blog may be either an undocumented security bug or something after Feb 08.

  3. miksuh Says:

    “The older versions of WordPress have huge security hole, and many folks have been affected (myself included).”

    Debian project fixes those holes in the version which is in stable. So version number really does not tell the whole truth.

    If you install a version from unstable, you will most likely install a more broken version than what is in stable. New versions usually have new bugs which have not been found yet.
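Checking the Debian changelog itself is the practical way to settle the point Thadeu and miksuh make above. This is an added example, not part of the post or of the Debian packaging; the changelog it parses is a constructed sample with placeholder versions, maintainer and CVE ids.

```shell
#!/bin/sh
# Added example (not from the post): print the version and date of every
# Debian changelog entry whose body mentions a security fix, so you can
# see whether the stable package already carries a fix regardless of
# what its upstream version number suggests.

# security_entries reads a changelog on stdin and prints one tab-separated
# "version<TAB>date" line per entry that mentions a CVE id, "security"
# or "vulnerab...". The entry header line is skipped before matching so
# that a "stable-security" distribution name alone does not count.
security_entries() {
    awk '
        # Header: "package (version) distribution; urgency=..."
        /^[a-z0-9.+-]+ \([^)]+\) / { ver = $2; gsub(/[()]/, "", ver); hit = 0; next }
        # Trailer: " -- Maintainer <email>  Date"; report if the body matched
        /^ -- / { if (hit) { n = index($0, ">  "); print ver "\t" substr($0, n + 3) }; next }
        /CVE-[0-9]+-[0-9]+|[Ss]ecurity|[Vv]ulnerab/ { hit = 1 }
    '
}

# sample_changelog emits a constructed changelog in Debian format.
# Versions, maintainer and CVE ids are placeholders, not real Debian history.
sample_changelog() {
    cat <<'EOF'
wordpress (2.0.10-1etch2) stable-security; urgency=high

  * Constructed entry: backport upstream fix for a cross-site scripting
    issue (placeholder id CVE-0000-0002).

 -- Example Maintainer <maintainer@example.org>  Sat, 09 Feb 2008 10:00:00 +0100

wordpress (2.0.10-1etch1) stable-security; urgency=high

  * Constructed entry: security fix (placeholder id CVE-0000-0001).

 -- Example Maintainer <maintainer@example.org>  Mon, 02 Jul 2007 18:00:00 +0200

wordpress (2.0.10-1) unstable; urgency=low

  * Constructed entry: new upstream release.

 -- Example Maintainer <maintainer@example.org>  Mon, 09 Apr 2007 12:00:00 +0200
EOF
}

# count_security_entries prints how many entries on stdin matched.
count_security_entries() {
    security_entries | awk 'END { print NR }'
}

# On a real system: zcat /usr/share/doc/wordpress/changelog.Debian.gz | security_entries
sample_changelog | security_entries
```

On the constructed sample this lists the two stable-security entries and skips the plain upstream release, which is exactly the information the bare version string 2.0.10 hides.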
