Sometimes being lazy is a good thing. I was supposed to update my WordPress installation to version 2.1.1 last weekend, but I didn’t feel like checking what had changed exactly and if I needed the update. The short changelog said the update mostly consisted of small fixes and no critical stuff so I postponed.

Screenshot of WordPress website

It turns out the 2.1.1 update was quite critical after all:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

It seems a cracker got access to a server that powers and was able to modify the download file.

More on this story at