How Many Ticking Time Bombs Are In Your Website?

We received notification this morning that one of the WordPress plugins used by several of our clients had been updated. A quick review of the plugin’s release notes revealed that a cross-site scripting (XSS) security vulnerability had been discovered and fixed.

Things like this are ticking time bombs. The average website owner doesn’t check the status of their plugins every day. It may be weeks or months before they get around to this. I’ve seen websites that have never been updated since they were originally built and deployed. It’s not that they are lazy: running their business consumes every minute of the day.

The hackers know this.

The hackers know that most WordPress websites have known vulnerabilities because website owners cannot spend the time to keep up with the updates. (I have a client with seven websites that have had 81 plugin updates this month alone.)

The hackers also probably know about the vulnerabilities before you do. Just like us, they monitor the websites and blogs that provide information about newly-discovered vulnerabilities. When a new one appears they update their Bots to start looking for that vulnerability.

There is only one way to solve this.

You need a person whose primary responsibility is the security of your website – someone who monitors the status of WordPress and your plugins daily.