
Having The Latest Version of WordPress Is Very Important; Just Ask Reuters

Reuters, a highly respected news agency based in London, recently had their blogging platform compromised. This resulted in false stories posted on their website, including a made-up interview with a Syrian rebel leader. Adding insult to injury, Reuters was attacked again just a few days later, and this time hackers got control of their Twitter account, posting more dubious stories about how the U.S. supports Al Qaeda and that Obama ceased funding to 9/11 investigations.

How did this happen?

It is widely suspected that hackers were able to exploit weaknesses in the widely used WordPress blogging platform. These weaknesses have been patched, but Reuters simply failed to update to the latest version of the software, running 3.1.1 instead of 3.4.1, and this mistake purportedly brought down their entire website. Version 3.1.1 is well known for having security issues, and WordPress insisted that everyone update immediately once patches had been developed.

These attacks could easily have been prevented if only Reuters’ engineers had clicked on the notification that appears at the top of every WordPress dashboard (its admin panel) when new updates are available; the updates take seconds to install. The oversight is odd, understandable only if Reuters made many customizations to their WordPress installation or was using plugins that might be incompatible with the latest version.

Even more incredibly, after the hacking incident broke, bloggers posted screenshots showing that Reuters still had not updated their WordPress installation for some time after the attack! (This has since been rectified.)

The importance of using the latest version of software

It is very important for users to always update to the latest version of WordPress software, because it is the pre-eminent blogging platform, used by huge media companies and individual bloggers alike. This makes WordPress a choice target for hackers, similar to the way Microsoft products are so often targeted due to their ubiquity.

Reuters is not the first company to have gotten hacked through the use of an older version of WordPress. Recently, over 30,000 websites were hacked to redirect traffic to fake antivirus software. Over 90 percent of these websites were using outdated versions of WordPress or its plugins, pointing to this as a probable contributing factor.

Hacks are not always as serious as the Reuters incident, and manufactured news on a respected news site read by millions is pretty serious. In some cases, hackers simply want to create fake user accounts on blogs in order to post comments with backlinks to spammy sites. But for WordPress sites that have sensitive user information, such as e-commerce sites with customer databases, even seemingly innocuous penetrations might allow further access down the road.

To sum up, simply keep your software up to date. As mentioned, WordPress and its numerous plugins are painless to update, and the price of not doing so is a loss of productivity, traffic and revenue. Responsibility for maintaining a website lies not with WordPress, which is a free, open-source platform, but with the IT managers and webmasters that use the platform. Learn from the Reuters incident to safeguard your own sites.

About the author: Dirk Reagle has been covering all things tech for many years as a freelance writer. When he’s not busy reviewing mobile web designers in Chicago including Orbit Media, you can find Dirk producing music and touring with his band NightHawk/DayHawk.

About The Blog Author

Alex Sysoef is an IT Consultant, Internet Marketer and ProBlogger who shares his passion and knowledge of WordPress, SEO, Social Media and traffic strategies on his blog WordPress Howto Spotter. Connect on Twitter or Facebook

10 Responses to “Having The Latest Version of WordPress Is Very Important; Just Ask Reuters”

  1. Lana says:

    Hi Dirk,
    It’s so simple but true. I don’t know why a website as big as Reuters forgets to do the updates. You just made us aware of this very important to-do item as bloggers. Thanks

  2. Okto says:

    Hi Dirk,

    Plugin updates are important and should not be missed by the admin. Reuters’ mistake is a big lesson for us bloggers. Thanks for sharing the post.

  3. David Bennett says:

    I wonder what the particular exploit was? And of course it can be a theme that is outdated (maybe using TimThumb) and vulnerable, not just WordPress itself.

  4. Elena Anne says:

    Good article. Updates aren’t difficult to obtain, the click of a button really, so one should really keep up for the benefit of your blog, for the benefit of your business.

  5. Perky Seraph says:

    I never gave importance to the latest versions… I guess I will have to keep this in mind or else it won’t be good for my own blog.

  6. Di says:

    Interesting stuff — I guess my biggest fear every time WP updates is “what will get messed up” — but I suppose having to tweak some plugins and what not is a lot better than getting hacked

  7. CraigStevens says:

    A screw-up of epic proportions there by Reuters!

    I’ll confess: Almost all my WordPress-based blogs (personal and clients’) are running outdated versions of WordPress. Mostly due to the fear that something (a plugin, aspects of the theme, etc.) won’t work or will mess the whole thing up. Plugins usually tend to have compatibility issues.

    And it’s not worth upgrading if you’re just going to lose everything that you’ve spent hours setting up, or redo it all over again.

  8. Ali Samar says:

    Thanks for the useful info! I get scared every time there’s an update!

  9. Very nice guide! You should really post more of these guides. Gonna read more of you in the future. Really, I am impressed by the site; it’s really helpful for me.
