Updating and patching from time to time is a really tedious job. Still, security comes with great responsibility, just like parking your car in the right place or locking your valuable computer when you leave.
Last week, users running older versions of WordPress noticed unusual strings added to their blogs’ permalinks, which broke the links to their blog posts.
journeyetc.com responded and described the attack:
“If you use WordPress, you should check ASAP your blog’s permalinks/RSS feed.
If they are broken and look like this
‘error on line 22 at column 71: xmlParseEntityRef: no name wordpress’ for your feed
then you are the victim of the new hack attempt targeting our blogs.”
Affected users now face the dilemma of upgrading and cleaning up. The SQL injection attack leaves a backdoor that, even after upgrading, may allow a remote attacker to get in. For further reading, I recommend the post “Old WordPress versions under attack” by Lorelle.