Don’t Drag Your Feet on Website Security Updates
I understand that you’re busy. You have more to do than you can possibly accomplish, and a lot of it needs to be done RIGHT NOW. I’m going to add to your burden.
Maintaining the security of your website is vital. You need to monitor your website for updates, and when a security-related update is published you need to install it ASAP. Some cases in point:
- February 27, 2017: Information about a SQL injection vulnerability in the NextGEN Gallery plugin for WordPress. This is an extremely popular plugin. By the next day I was seeing bots probing for this vulnerability.
- February 9, 2017: The existence of a huge security vulnerability in the WordPress REST API was disclosed, and a new version of WordPress was released that fixed the vulnerability. Subsequent to that announcement, there was a huge uptick in the number of defacement attacks.
- March 6, 2017: Yet another new version of WordPress was released containing fixes for half a dozen vulnerabilities. My scans of client logs the next morning revealed many attempts by hackers to probe for those vulnerabilities in the hopes of finding websites that had not been updated.
There are two things in play here:
- Most hackers don’t have inside information about website vulnerabilities. They learn about them the same way you and I do: By reading that a certain vulnerability has been fixed in version XX of software YYY.
- Most hackers count on the fact that most website owners don’t keep their software up to date. (70% of all WordPress installations are out-of-date.) Sucuri reports that the leading cause of infection is the exploitation of known vulnerabilities in plugins.
Which means that you need to take just a moment every day to check the status of WordPress and your plugins. For each plugin that needs an update, WordPress’ Plugins page provides a ‘Details’ link so you can see the reasons for the update. Any with a whiff of being security-related should be updated immediately.
Of course, we provide website support, maintenance and security services so that you don’t have to worry about this stuff.