I just upgraded this blog to the latest version of WordPress, due to a WordPress worm that was infecting all sorts of sites. I wasn’t vulnerable, but it doesn’t pay to be complacent.
The reason I wasn’t vulnerable is because the worm needs to be able to create an account, and I’ve disabled new account creation. I used to require an account to comment, as an anti-spam feature. Now I require people to answer a question about octopodes, or octopuses. Turns out the plural is questionable. Regardless, it has blocked 100% of the spam, and as long as I’m the only one using that question, it’s likely to remain effective.