Old WordPress Versions Under Attack

“There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.”
http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/

How to Keep WordPress Secure

After having discussion web wide Matt finally wrote this article http://wordpress.org/development/2009/09/keep-wordpress-secure/ wonder why not people update their installs, reason they give aren’t good enough for they are compromising security for a little feature they love in form of plugins, many report upgrading breaks their installs, themes, plugins but these are only due to the host’s files restrictions and file quota and file counts, i have upgrade my local installs of both WordPress standard and MU, running with all kinds of themes and though i don’t use much of the plugins only the ones i love and there is a set of around 5-7 plugins but hadn’t faced any breaking on local installs, yeah at host’s server sometime there are fatal error warnings/errors