If you’ve been to the WordPress Support Forum lately, you’ll see many complaints about 2.5.1 blogs being hacked. This is much ado about nothing and is caused by noobs (squab?) not realizing that when they upgrade a compromised blog, the bad stuff survives the upgrade unless specific steps are taken to remove it. Donncha, one of the WP devs, attempts to allay everyone’s fears with this post explaining how to spot a hack and a few common sense tips on how to keep your WordPress site secure.

Whoo (as she is known on the WP Forums) has a very handy little WordPress plugin that you should deploy on your WP site as soon as you can. If you run more than one WordPress blog or web site, then time’s wasting. Grab the VI-LOGGER plugin and install it on all your blogs, before hackers get in. If the unthinkable does happen, you’ll be better equipped to do damage control. Your web host will thank you, too. We plan to install this plugin on all our WordPress-driven sites and recommend it among our list of must-have WP Plugins.

Here are some links discussing ways to keep your web site in general, and your WordPress site in particular, safe from hackers.

1. WordPress Security Tips and Tricks
2. Lorelle on WordPress Security
3. WordPress Security Whitepaper
4. Matt Mullenweg on Recent SQL Injection Hacks
5. WTC’s Ten Security Plugins for WordPress
6. Preventing SQL Injection Attacks
7. Running a Secure Apache Server
8. PHP Shared Server Security

The bottom line is this: Upgrade WordPress when security patches are released. Don’t delay.