Author Topic: WordPress vulnerability  (Read 5572 times)
« on: September 14, 2009, 02:16:15 pm »

If you are running a version of WordPress older than 2.8.4, your site is vulnerable to attack.

Please protect your website immediately! Upgrade to the latest version of WordPress.

Here's how to upgrade:

1. Go to http://login.cruzio.com/

2. Enter your Cruzio administrative login and password (not necessarily the same as your WordPress login and password) and click "Log In."

3. On the Plesk Login page, enter your login information again and click "Login" to be taken to your domain's control panel.

4. In the "Custom buttons" section, click the "Installatron Applications Installer" button.

5. Find WordPress in the list. To the right of it, click on the button with red text. It should show "Upgrade to" followed by the latest version number.

6. On the first two pages, click "Next." On the third page, find the line in bold labeled "Backup". Make sure "Yes, create a backup and let me choose what will be included in the backup" is checked. Below, you will see a list of files that will be in the backup. Click "Next".

7. Keep clicking the "Next" button until it gives you the message "Installatron is ready to upgrade." Then click "Submit".

8. When the upgrade is done, click the "Complete" button.

You will now have the latest version of WordPress installed on your website.

Be sure to look at your site after upgrading to make sure there aren't any problems. If you use third party WordPress plugins, you may have to upgrade them so that they continue to work properly.

To learn more about keeping WordPress secure, visit:
http://wordpress.org/development/2009/09/keep-wordpress-secure/

If you have any other questions or concerns, please don't hesitate to contact us.
« Last Edit: September 09, 2010, 01:53:43 pm by Cruzio Technical Support » Logged
« Reply #1 on: September 14, 2009, 02:17:47 pm »

This WordPress worm installs a dangerous back door to your site by creating extra admin-level WordPress users. To find out if you have extra admin users, and to remove them:

  1. Log in to your domain control panel at http://login.cruzio.com. You may need to log in twice.
  2. In the Domains section, click the name of the domain you want to check. If you are on Host 6 or 7, this can be accessed by first clicking "Domains" under the Main Menu in the upper left hand corner.

    If you do not know what Host number you are on, after you log into your control panel, look at the URL at the top of your browser. You will see it start with 'https://host' followed by a number. That is the Host number you are on.

  3. If you are on Host 1, 2, 3, 4, or 5, click "Databases" in the services section.

    If you are on Host 6 or 7, in the Applications & Services section, click the "Databases" icon.

  4. Click the name of the database you want to check.
  5. If your browser has a pop-up blocker, turn it off.

    If you are on Host 1, 2, 3, 4, or 5, click the "DB WebAdmin" icon in the Tools section.

    If you are on Host 6 or 7, click the "Webadmin" icon under the Tools section.

  6. In the newly opened phpMyAdmin window, look at the left pane and click the link to the users table. (The prefix of this table name tends to vary, but the name will usually end with "_user" or "_users".)
  7. In the right-hand pane, near the top, click "Browse". You should now see a list of your WordPress users.
  8. Examine the list of users for extra admin users. One typical hacker-created user is WordPress, with a user_url of www.com. Others may use part of your original admin's email address or display name as the user login.

    If you're not sure which users are legitimate and which are hacker-created, compare the ones you see here to the list you see when you log in to your WordPress administration area and go to the Users screen. Hacker-created users will typically not appear at all in the WordPress admin Users screen.

  9. In the phpMyAdmin screen, delete the hacker-created users by clicking the red X icon next to each.
  10. Now that you've removed the unwanted users, change your own admin user password. In your WordPress admin area, visit Users -> Your Profile, go to the About Yourself section, and enter a new password twice. Choose a strong password! Click Update Profile to save your new admin password.
« Last Edit: November 04, 2010, 04:23:00 pm by Cruzio Technical Support » Logged
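
The manual check in Reply #1 (browse the users table, then compare it with the accounts you know are legitimate) can also be done as a query. This is an added example, not part of Cruzio's post: it assumes the standard WordPress layout in which roles are stored in the usermeta table under the key `<prefix>capabilities`, uses the prefix `wp_`, runs against constructed sample rows in SQLite, and the function names are hypothetical.

```python
import re
import sqlite3

ADMIN_CAP = 'a:1:{s:13:"administrator";b:1;}'   # PHP-serialized role as WordPress stores it
EDITOR_CAP = 'a:1:{s:6:"editor";b:1;}'

def build_sample_db():
    """Constructed sample data: a minimal users/usermeta pair, prefix 'wp_' assumed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_url TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?, ?)", [
        (1, "admin", "http://example.org", "2008-03-01 10:00:00"),
        (2, "editor1", "", "2008-06-15 09:30:00"),
        (3, "WordPress", "www.com", "2009-09-05 03:12:00"),  # pattern named in the post
    ])
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?)", [
        (1, "wp_capabilities", ADMIN_CAP),
        (2, "wp_capabilities", EDITOR_CAP),
        (3, "wp_capabilities", ADMIN_CAP),
    ])
    return conn

def list_admins(conn, prefix="wp_"):
    """Return (ID, login, url, registered) for every account holding the administrator role."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):   # prefix is spliced into SQL, so restrict it
        raise ValueError("unexpected table prefix")
    sql = f"""SELECT u.ID, u.user_login, u.user_url, u.user_registered
              FROM {prefix}users AS u
              JOIN {prefix}usermeta AS m ON m.user_id = u.ID
              WHERE m.meta_key = ? AND m.meta_value LIKE ?
              ORDER BY u.user_registered"""
    return conn.execute(sql, (prefix + "capabilities", '%"administrator"%')).fetchall()

def unexpected_admins(conn, known_logins, prefix="wp_"):
    """Admins present in the database but missing from the list you trust."""
    return [row for row in list_admins(conn, prefix) if row[1] not in known_logins]

if __name__ == "__main__":
    for row in unexpected_admins(build_sample_db(), {"admin"}):
        print("review before deleting:", row)
```

Because the query reads the database directly, it lists administrator accounts whether or not they appear in the WordPress admin Users screen.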