Fortunately, the fix is easy. Upgrade to the latest version of WordPress, which is version 2.8.4, and the security hole is closed. If you already have a recent version of WordPress, this is a cinch as you simply click the upgrade button in your dashboard. If not, download the latest version, unpack, and follow the instructions to upload and upgrade.
Before upgrading, though, here are the steps I would go through to back up everything and add additional layers of security to your blog:
1. Install the WP-DBManager plugin. I love this plugin because it gives you a lot of options and control when backing up your database. It also makes it very easy. I install this plugin right off the bat to every one of my client’s blogs.
2. Use the above plugin and backup your database. This is fast and takes just a couple of clicks. I usually keep a copy of the backup file on my harddrive and on the server.
3. I copy the entire wp-contents folder to my harddrive. This saves all of my custom themes file and all media in the uploads folder. Have a ton of pictures on your blog? This is where they’re stored…make sure to back that stuff up. This is just as important as backing up your database, IMO.
4. Do the WordPress upgrade. Check everything.
5. Install two security plugins for additional security: WP Security Scan and Secure WordPress. I think both of these are must-haves, so I include them for all my clients and with any new WordPress install.
You can read a very good article that gives more detail about the worm and WordPress security in general on Lorelle’s blog.
Don’t be a victim to the dreaded worm. Upgrade your blog and stay safe.