Seriously, WordPress 4.7.2 has been out for 2 weeks now. Why is there so many websites owners that have chosen not to update to the latest version which fixes a severe security flaw that could leave you exposed to getting hacked.
Some critics might say then don’t use WordPress. WordPress is one of the most secure pieces of software out there. If you don’t want to use a system that has a vulnerability, then turn of your computer. Every piece of hardware, software and Operating System has security flaws. The reason why WordPress is so secure is because there are major companies, developers and researchers who are committed to the open source project and it is actively maintained.
Currently there are about 100,000 websites that have already been defaced and hacked because of this vulnerability. The WordPress Security Team did all of us a solid by giving everyone a full week before announcing what the flaw was that was patched. That should have been more than enough time for people to head over to their website, login and make sure they were updated.
We released 2 articles and YouTube videos already where we advise everyone to update immediately. Plus this was a security update which means that your site should have updated automatically unless you changed your settings to manually update when you choose.
The team at Sucuri are credited with discovering the vulnerability and disclosing it responsibly and the WordPress team did what they do best. They jumped into action and fixed the issue. The good thing is that WordPress powers 27% of the modern web with millions of websites using the WordPress software and the vast majority have been updated. So while 100,000 websites being hacked sounds like a lot, when compared to how many websites are using WordPress, that percentage is extremely small.
Still, if you own or manage a website, keep it up to date. Make sure your core files, themes and plugins are using the latest versions. Even if you don’t blog often, you should be receiving an email that updates are available. If for some reason managing your website is something that doesn’t interest you, then farm out that responsibility. Your website is a major part of your brand. If Goole flags your site as unsafe, then your search rankings will tank.
Make it a habit to check in on your website daily. Follow a few security blogs like:
These resources will keep you up to date on any known issues.
The thing to remember is most hackers are not aware of these issues until they are disclosed which means you will often have a tremendous amount of lead time to ensure your website is updated and secure.
Once the hackers read the same blogs and realized there was an opportunity to attack, they jumped on it. Now there are a bunch of sites that will probably need to hire someone to clean their site up. Hopefully if you’re reading this article or watching the associated video, you took my advice and updated. If not, then hopefully your site hasn’t been impacted yet and you still have time to rectify the issue.
Some people might ask, “Why was the issue disclosed”? Disclosure is important. Responsible disclosure is even more important. Both Sucuri and the WordPress Team acted in a responsible fashion. They gave us all the time we needed to make a fix.
We all need to do our part to keep ourselves, our website visitors and the rest of the internet safe.