WordPress Security

WordPress remains one of the most popular (arguably the most popular) website content management systems on the Internet today. With that fame and usage comes the bad as well: security issues, exploits, security holes, poorly written code and more. This attracts malicious attackers, hackers and others with foul intentions, who look to gain their 2 minutes of fame, spread attacks, use your site to launch attacks against other sites and more.
Over this past weekend, we completed a report that found the total number of WordPress installations on our servers and their respective versions. We found that 68% of installations are running a version lower than the current release, which at the time of writing is 4.7.3, and that 41% are running versions lower than v4. The oldest version we found was 3.0.1, which was released back in July of 2010 and is almost 7 years old; imagine the security issues and bugs in this release!
Many of these versions have critical security issues and other major bugs that can lead to the WordPress installation being hacked, exploited and taken over, code being injected into templates, and other issues. If the core is out of date, you can bet that the theme(s) and plugins are also very much out of date with it.
While the WordPress core can have security issues, poorly written plugins can have major problems as well, such as the infamous TimThumb plugin / script, Contact Form 7, NextGen and many others.
If you have WordPress installed on your site, the best thing you can do is log in to it, check which version you are running and whether there are any pending updates, and install any updates available. Plugins can receive updates quite often, so checking your site weekly, or even daily, is good practice. WordPress core updates come less often, usually every couple of months or so.
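A version inventory of the kind described above can be scripted. The following is an added example, not ASPnix's own tooling: it assumes each installation keeps the stock `wp-includes/version.php` file that defines `$wp_version`, and the site names and directory layout in the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

CURRENT = "4.7.3"  # current release named in the post
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse(version):
    """'4.7.3' -> (4, 7, 3); a suffix such as '-beta1' is ignored."""
    nums = re.findall(r"\d+", version.split("-")[0])[:3]
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))

def find_installs(root):
    """Yield (site_dir, version or None) for each version.php under root."""
    for vf in Path(root).rglob("wp-includes/version.php"):
        m = VERSION_RE.search(vf.read_text(errors="replace"))
        yield vf.parent.parent, (m.group(1) if m else None)

def report(root, current=CURRENT):
    """Summarise how many installs are behind `current` and behind 4.0."""
    installs = sorted(find_installs(root), key=lambda i: str(i[0]))
    known = [(d, v) for d, v in installs if v]
    total = len(known)
    outdated = [(d, v) for d, v in known if parse(v) < parse(current)]
    below_4 = [(d, v) for d, v in known if parse(v) < (4, 0, 0)]
    return {
        "total": total,
        "unreadable": len(installs) - total,  # file found, no version line
        "outdated_pct": round(100 * len(outdated) / total) if total else 0,
        "below_v4_pct": round(100 * len(below_4) / total) if total else 0,
        "oldest": min((v for _, v in known), key=parse, default=None),
        "outdated": outdated,
    }

def build_sample(root):
    """Constructed sample tree standing in for a shared-hosting web root."""
    sites = {"a.example": "4.7.3", "b.example": "4.5.2",
             "c.example": "3.0.1", "d.example": "3.9"}
    for site, ver in sites.items():
        inc = Path(root, site, "wwwroot", "wp-includes")
        inc.mkdir(parents=True)
        (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        r = report(tmp)
        print(f"{r['total']} installs, {r['outdated_pct']}% below {CURRENT}, "
              f"{r['below_v4_pct']}% below 4.0, oldest {r['oldest']}")
        for site_dir, ver in r["outdated"]:
            print(f"  {ver:8} {site_dir}")
```

Comparing versions as integer tuples rather than strings matters here: a plain string comparison would rank "4.10" below "4.7.3".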
What will ASPnix do? We are discussing internally what can be done to help push customers to update and maintain their sites. Unmaintained WordPress installations that are exploited not only hurt the customer’s website, but can also cause major problems for us, including complaints, carrier actions such as blocking IP addresses, and many other actions that can affect other customers as well.
Keeping your WordPress installation (and any application that is accessible to the world) up to date is very important, just as we have a responsibility to maintain our networks, servers and equipment by keeping them updated and applying patches, security fixes and more.
If you have any questions or concerns about WordPress or how updates work, or if you are not sure whether you run WordPress, contact our support team and we will be happy to help!