It is an old song. I’ve sung it for years.
UPDATE WORDPRESS NOW!
Reuters was hacked recently and many blame WordPress, though most honest reporters are quick to state that it is the webmaster/site owners fault for not updating. Seems they were running a version from over a year ago.
According to PC Magazine’s Security Watch:
With the latest attack, [Mark] Jaquith said there was still no way to know whether the outdated version was the culprit, “unless Reuters shares what they’ve learned about the breaches.” He said it was just as possible the attackers got onto the server some other way, and once in, went looking for the WordPress installation.
…”WordPress and its Plugins are definitely primary attack vectors for many attacks,” Carey said.
Attacks on the platform are also not that unusual. There have been many WordPress blogs over that past year that have hacked with the Black Hole exploit kit to serve up malware.
“This isn’t a knock on WordPress directly: the blame lies with site owners and administrators who fail to keep up with patches,” Carey said, adding that while updating software is a “basic step,” there is “evidence of a lack of execution in this area.”
There are many ways to hack a website. Vulnerabilities may exist in PHP, MySQL, JavaScript, and other supporting programs that WordPress relies upon. I’ve been a victim of an attack on my site from a web host being careless with their server settings, something I had nothing to do with, nor did it have anything to do with WordPress, but it provided a gateway into my site.
While it is easy to blame WordPress, remember that it’s your job to keep the site updated. WordPress is amazingly responsive when a vulnerability is found.
Here is the rule of thumb to follow:
- If a full update is released, update within a few days. WordPress is tested extensively nowadays before it is released to the public, so trust it. keep WordPress Themes and Plugins updated, too, and you will rarely have compatibility issues.
- If a mandatory update is released, update immediately. There are no compatibility issues, nor upgraded features to worry about. It is a security fix so respond immediately to protect yourself.
Hackers, evil doers, and time wasters are targeting WordPress because it is the Windows of its day. It’s a big target.
Luckily, WordPress is up to the challenge.
Don’t risk it. Update now.
Related Articles
- What You Most Need to Know About WordPress
- Defying Brute Force Attacks on WordPress Logins
- Security and Protection: Understand the Social in a Crime Network and How to Protect Yourself
- Is Your WordPress Blog at Risk from the Epsilon Email Theft?
- Malware Found in WordPress Theme – Protect Yourself Now
- Old WordPress Versions Under Attack
Via Feedburner
Subscribe by Email
Lorelle on WordPress 
8 Comments
Updating software is extremely important but I’m sure there are hundreds of wordpress sites not being updated at all. Small/medium businesses need new sites but want to spend as little as possible. They find a cheapest webmaster, the site is made and… that’s it! I think it is extremely important that you are either trained in managing the site on your own + at least some basic of security or you need to find a company who will take care of technical support after building the site for you. Don’t just build the site and forget. I see too many wordpress sites that are not being updated at all.
If I do not see the reminder to update (at the top of my dashboard) do I need to do anything? Thanks for ALL your help.
If you are on WordPress.com, consider yourself one of the luckiest people online. You will never see a reminder to update as that is taken care of completely for you. All secure and safe.
Wow, I’m lucky Im with wordpress then and they take care of it for you. I have just recently joined up! Unlucky for all those people!!!
How odd. I thought they were a part of the WordPress.com VIP program. Maybe this will be the push they need to move. 🙂
i have been trying to figure out how to update. then i saw your comment above that says if i am on wordpress.com it is handled for me. does that mean if i switch my blog over to wordpress.org or to another host i will have to do it? if so, how would i do it—i have looked through and don’t see anything to click on to update for the new releases. If I am not on wordpress.com will there be a button?
@Kate: If you move from WordPress.com to a self-hosted version of WordPress, you become an administrator, a webmaster, and you have to monitor for updates for Plugins, Themes, and the full version of WordPress. Yes, there will be a “button” which is a notification. You will have all the responsibilities for clicking it. 😀
Good point, has there ever been a piece of software that’s been released free of exploits? I don’t think so…even linux is full of security holes which are promptly patched but if you don’t apply the patch…well…
4 Trackbacks/Pingbacks
[…] I wrote about keeping WordPress updated for security reasons, and I’m singing the same song […]
[…] your blog. Though it’s the most popular blog platform out there right now, and despite the recent reports questioning its security… trust me, it’s the safest Software you’ve got for blogging (aside from being the […]
[…] Update WordPress Now: Reuters Hacked […]
[…] Update WordPress Now: Reuters Hacked […]