![](\"http:\/\/www.craigmurphy.com\/blog\/wp-content\/uploads\/2008\/11\/wordpresz264.jpg\")
<\/p>\nWhen I logged into my admin account for my WordPress blog, I was surprised to find this waiting for me in the dashboard:<\/p>\n
<\/p>\n
UPDATE 07\/11\/2008:<\/strong> Watch<\/a> a short (less than 60 seconds) video demonstrating the dashboard hijack.<\/p>\n UPDATE 08\/11\/2008:<\/strong> Cleaning up after the WordPress 2.6.4 incident<\/a>. Note that I did not install the fake 2.6.4, so it’s not a clean up for that scenario. <\/p>\n Wordpresz.org<\/strong> appears to be a spoof of wordpress.org. With the exception of the download link and one or two others (Facebook link, etc.) all the pages lead back to the front\/home page.<\/p>\n I’ve just downloaded the wordpresz 2.6.4 offering to see what’s different. If I find anything, and if time permits, I’ll update this post. <\/p>\n 22:26 UPDATE<\/strong> Item 1 – the download size is too round and is incorrect, it should be about 1.4mb in this case. <\/p>\n Item 2 – these are randomised over at WordPress.org, but are static at WordPresz.org. <\/p>\n Item 3 – The real WordPress.org has a “Showcase” link included.<\/p>\n Indeed, the source for both home pages reveals that WordPresz.org is simply an earlier snapshot of WordPress.org. <\/p>\n Looking at domain data for WordPresz.org, there are a few holes here. Google hasn’t indexed this site? What about the Alexa ranking?<\/p>\n Whereas, WordPress.org is pretty popular with Google and has an Alexa ranking.<\/p>\n 23:59 UPDATE The moral of this story: keep on top of WordPress updates and security fixes.<\/p>\n **<\/p>\n Images grabbed using TechSmith<\/a>‘s SnagIt<\/a> – an essential tool for developers and bloggers alike. With thanks to Betsy Weber<\/a><\/em><\/p>\n Technorati Tags: WordPress<\/a>, WordPresz<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" When I logged into my admin account for my WordPress blog, I was surprised to find this waiting for me in the dashboard: UPDATE 07\/11\/2008: Watch a short (less than 60 seconds) video demonstrating the dashboard hijack. UPDATE 08\/11\/2008: Cleaning up after the WordPress 2.6.4 incident. Note that I did not install the fake 2.6.4, … Continue reading WordPresz 2.6.4 – fake?<\/span>
\nJust looking at the respective home pages for WordPresz.org vs WordPress.org, a few differences jump out – check out items 1, 2 and 3 below. <\/p>\n![](\"http:\/\/www.craigmurphy.com\/blog\/wp-content\/uploads\/2008\/11\/wordpresz264_1.jpg\")
<\/p>\n![](\"http:\/\/www.craigmurphy.com\/blog\/wp-content\/uploads\/2008\/11\/wordpresz_dom.jpg\")
<\/p>\n![](\"http:\/\/www.craigmurphy.com\/blog\/wp-content\/uploads\/2008\/11\/wordpress_dom.jpg\")
<\/p>\n
\nVia Clayton<\/a>, this<\/a> may well be part of the problem. There’s further comment<\/a> on the WordPress support forum too. I’ve since upgraded to 2.6.3 via the WordPress.org download. <\/p>\n