Wordpress users have been encouraged to update to to the latest version of Wordpress, currently at 2.8.4. It appears there is a nasty worm going around attacking Wordpress sites.
No matter which CMS you're using, I know there is a certain segment of you that will ignore upgrading your site's software to a more secure version. I can understand why some of you might not want to update to the latest feature release of a CMS as it could break obsolescent features. However, I'll never understand why some of you won't upgrade to the latest version of a software package that addresses security vulnerabilities. If you value your site then you need to also value keeping your site updated with the most secure version of your CMS.
Wordpress users better not respond that it's too hard to keep their CMS updated. In case you didn't know, it only takes one click to upgrade your Wordpress site automatically.
