It is an old song. I’ve sung it for years.
UPDATE WORDPRESS NOW!
Reuters was hacked recently and many blame WordPress, though most honest reporters are quick to state that it is the webmaster/site owner’s fault for not updating. It seems they were running a version from over a year ago.
According to PC Magazine’s Security Watch:
With the latest attack, [Mark] Jaquith said there was still no way to know whether the outdated version was the culprit, “unless Reuters shares what they’ve learned about the breaches.” He said it was just as possible the attackers got onto the server some other way, and once in, went looking for the WordPress installation.
…“WordPress and its Plugins are definitely primary attack vectors for many attacks,” Carey said.
Attacks on the platform are also not that unusual. There have been many WordPress blogs over the past year that have been hacked with the Black Hole exploit kit to serve up malware.
“This isn’t a knock on WordPress directly: the blame lies with site owners and administrators who fail to keep up with patches,” Carey said, adding that while updating software is a “basic step,” there is “evidence of a lack of execution in this area.”
While it is easy to blame WordPress, remember that it’s your job to keep the site updated. WordPress is amazingly responsive when a vulnerability is found.
Here is the rule of thumb to follow:
- If a full update is released, update within a few days. WordPress is tested extensively nowadays before it is released to the public, so trust it. Keep WordPress Themes and Plugins updated, too, and you will rarely have compatibility issues.
- If a mandatory update is released, update immediately. There are no compatibility issues, nor upgraded features to worry about. It is a security fix so respond immediately to protect yourself.
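One way to apply this rule of thumb across several sites, as an added example (not code from WordPress or from this post): it reads `$wp_version` from each install's `wp-includes/version.php` and compares it with a latest version that you supply. It assumes that a higher third number on the same X.Y branch is the mandatory (security/maintenance) release and a new X.Y is the full release; the function names are illustrative.

```python
import re
from pathlib import Path

# Matches a line such as: $wp_version = '3.4.1';  (wp-includes/version.php)
VERSION_RE = re.compile(r"^\s*\$wp_version\s*=\s*['\"]([^'\"]+)['\"]\s*;", re.M)


def installed_version(wp_root):
    """Return the version string from wp-includes/version.php, or None."""
    path = Path(wp_root) / "wp-includes" / "version.php"
    try:
        match = VERSION_RE.search(path.read_text(encoding="utf-8", errors="replace"))
    except OSError:
        return None
    return match.group(1) if match else None


def parse(version):
    """'3.4' -> (3, 4, 0); suffixes such as '-RC1' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def advice(installed, latest):
    """Apply the rule of thumb to one installed/latest pair."""
    if installed is None:
        return "unknown: version.php missing or unreadable"
    cur, new = parse(installed), parse(latest)
    if cur >= new:
        return "current"
    # Assumption: X.Y.Z with Z > 0 is a maintenance/security release, so an
    # install behind it (same branch or older) has skipped at least one fix.
    if cur[:2] == new[:2] or new[2] > 0:
        return "update immediately"
    return "update within a few days"


def audit(roots, latest):
    """Map each WordPress root directory to its advice string."""
    return {str(r): advice(installed_version(r), latest) for r in roots}


if __name__ == "__main__":
    import sys
    # Usage: python wp_audit.py LATEST_VERSION /var/www/site1 /var/www/site2 ...
    for root, verdict in audit(sys.argv[2:], sys.argv[1]).items():
        print(f"{verdict:28} {root}")
```

The latest version is passed in by hand so the check runs offline; an "unknown" result is worth a manual look, since a missing or unreadable `version.php` means the install could not be assessed.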
Hackers, evil doers, and time wasters are targeting WordPress because it is the Windows of its day. It’s a big target.
Luckily, WordPress is up to the challenge.
Don’t risk it. Update now.