By now you’ve heard about the recent fake WordPress 2.6.4 that included backdoored code, be sure to take precautions about your install. And to avoid problems, try to follow some tips I’ve given on securing your WordPress blog.
You’ve heard this news from everyone else so I won’t be doing more damage if I tell you that WordPress 2.6 is now officially available. There are lots of features to love about this one, but more importantly getting the latest version ensures that you are also using the most secure release available. And you need that, it’s a scary place out there.
Do you frequently download new WordPress themes for testing and use in your various problogs? Please be aware of this issue and take caution. Various exploitative sites have been “re–publishing” popular themes but with unwelcome additions that may cause unwanted results in your blog.
Derek Punsalan wrote about the problem after some of his themes were redistributed with malicious code added.
For now, the best solution is to get your themes from reputable publishers, directly from the theme authors themselves. The WP Theme Viewer is a good resource for finding quality themes. Another option would be to get PHP/WordPress developers knowledgeable with the platform to audit themes you intend to use to make sure they’re free of malicious code.