
Update WordPress Now: Reuters Hacked

It is an old song. I’ve sung it for years.

UPDATE WORDPRESS NOW!

Reuters was hacked recently and many blame WordPress, though most honest reporters are quick to state that it is the webmaster's or site owner's fault for not updating. It seems they were running a version from over a year ago.

According to PC Magazine’s Security Watch:

With the latest attack, [Mark] Jaquith said there was still no way to know whether the outdated version was the culprit, “unless Reuters shares what they’ve learned about the breaches.” He said it was just as possible the attackers got onto the server some other way, and once in, went looking for the WordPress installation.

…“WordPress and its Plugins are definitely primary attack vectors for many attacks,” Carey said.

Attacks on the platform are also not that unusual. There have been many WordPress blogs over the past year that have been hacked with the Black Hole exploit kit to serve up malware.

“This isn’t a knock on WordPress directly: the blame lies with site owners and administrators who fail to keep up with patches,” Carey said, adding that while updating software is a “basic step,” there is “evidence of a lack of execution in this area.”

There are many ways to hack a website. Vulnerabilities may exist in PHP, MySQL, JavaScript, and other supporting programs that WordPress relies upon. I’ve been a victim of an attack on my site from a web host being careless with their server settings, something I had nothing to do with, nor did it have anything to do with WordPress, but it provided a gateway into my site.

While it is easy to blame WordPress, remember that it’s your job to keep the site updated. WordPress is amazingly responsive when a vulnerability is found.

Here is the rule of thumb to follow:

  • If a full update is released, update within a few days. WordPress is tested extensively nowadays before it is released to the public, so trust it. Keep WordPress Themes and Plugins updated, too, and you will rarely have compatibility issues.
  • If a mandatory update is released, update immediately. There are no compatibility issues, nor upgraded features to worry about. It is a security fix so respond immediately to protect yourself.
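An added example, not from the original post: a small Python audit that reads `$wp_version` from each install's `wp-includes/version.php` and sorts the gap to the latest release into the two cases of the rule of thumb. It assumes a point release (X.Y.Z) is the "mandatory" security update and a new X.Y is the "full" update; the version numbers and directory names are constructed.

```python
import re
import tempfile
from pathlib import Path

# Every WordPress install assigns $wp_version in wp-includes/version.php.
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def read_wp_version(wp_root):
    """Return the installed version string, or None if it cannot be read."""
    try:
        text = (Path(wp_root) / "wp-includes" / "version.php").read_text(errors="replace")
    except OSError:
        return None
    match = VERSION_RE.search(text)
    return match.group(1) if match else None

def parse(version):
    """'9.2.1' -> (9, 2, 1); '9.2' -> (9, 2, 0); suffixes like '-beta1' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def urgency(installed, latest):
    """Map the gap between two versions onto the post's rule of thumb."""
    if installed is None:
        return "unknown: version.php missing or unreadable"
    have, want = parse(installed), parse(latest)
    if have >= want:
        return "current"
    if have[:2] == want[:2]:  # same X.Y branch, older point release (assumed security fix)
        return "point release pending: update immediately"
    return "full release pending: update within a few days"

def audit(roots, latest):
    """Return {path: urgency} for a list of WordPress document roots."""
    return {str(r): urgency(read_wp_version(r), latest) for r in roots}

def demo():
    """Build three constructed installs in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = []
        for name, ver in [("blog", "9.2.1"), ("shop", "9.2"), ("old", "9.0.3")]:
            inc = Path(tmp, name, "wp-includes")
            inc.mkdir(parents=True)
            inc.joinpath("version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
            roots.append(Path(tmp, name))
        roots.append(Path(tmp, "missing"))  # constructed path with no WordPress in it
        return {Path(k).name: v for k, v in audit(roots, "9.2.1").items()}
```

An install on an older X.Y branch is also missing every security fix shipped since, so "full release pending" on a site nobody maintains deserves the same attention as a pending point release.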

Hackers, evil doers, and time wasters are targeting WordPress because it is the Windows of its day. It’s a big target.

Luckily, WordPress is up to the challenge.

Don’t risk it. Update now.


Copyright Lorelle VanFossen.

8 Comments

  1. Michal
    Posted August 27, 2012 at 1:51 am | Permalink

    Updating software is extremely important but I’m sure there are hundreds of WordPress sites not being updated at all. Small/medium businesses need new sites but want to spend as little as possible. They find the cheapest webmaster, the site is made and… that’s it! I think it is extremely important that you are either trained in managing the site on your own + at least some basics of security or you need to find a company who will take care of technical support after building the site for you. Don’t just build the site and forget. I see too many WordPress sites that are not being updated at all.

  2. Posted August 27, 2012 at 2:55 pm | Permalink

    If I do not see the reminder to update (at the top of my dashboard) do I need to do anything? Thanks for ALL your help.

    • Posted August 27, 2012 at 3:26 pm | Permalink

      If you are on WordPress.com, consider yourself one of the luckiest people online. You will never see a reminder to update as that is taken care of completely for you. All secure and safe.

  3. Posted August 30, 2012 at 4:35 pm | Permalink

    Wow, I’m lucky I’m with WordPress then and they take care of it for you. I have just recently joined up! Unlucky for all those people!!!

  4. Posted September 1, 2012 at 11:54 pm | Permalink

    How odd. I thought they were a part of the WordPress.com VIP program. Maybe this will be the push they need to move. :)

  5. Posted September 7, 2012 at 10:31 am | Permalink

    I have been trying to figure out how to update. Then I saw your comment above that says if I am on WordPress.com it is handled for me. Does that mean if I switch my blog over to WordPress.org or to another host I will have to do it? If so, how would I do it—I have looked through and don’t see anything to click on to update for the new releases. If I am not on WordPress.com will there be a button?

    • Posted September 8, 2012 at 2:18 pm | Permalink

      @Kate: If you move from WordPress.com to a self-hosted version of WordPress, you become an administrator, a webmaster, and you have to monitor for updates for Plugins, Themes, and the full version of WordPress. Yes, there will be a “button” which is a notification. You will have all the responsibilities for clicking it. :D

  6. Jason
    Posted September 27, 2012 at 6:18 am | Permalink

    Good point, has there ever been a piece of software that’s been released free of exploits? I don’t think so…even Linux is full of security holes which are promptly patched but if you don’t apply the patch…well…


