Updates, updates, updates! Ugh! Why do we have to update everything!?
Well, when it comes to your WordPress site, they are actually pretty important because of the security fixes they contain.
WordPress is the largest self-hosted blogging tool in the world: it is used on tens of millions of sites and is therefore seen by tens of millions of people. This, unfortunately, makes it a prime target for hackers, because if they can get into the backend of one WordPress site they can get into many, and oh my, how the fun begins for them then!
We know what you’re thinking: “Another blog telling me to update my WordPress site – sheeesh guys, when will you let up on this!” But you know what, if you keep ignoring all of us out here then we’re going to keep telling you!
If you don’t just want to take our word for it that this is important for you to do, then here’s some proof:
In September of 2014 a magical Finnish IT company called Klikki Oy located a critical security vulnerability in WordPress sites that were using version 3 of the software.
This vulnerability allowed hackers to enter code disguised as comments on any blog or page that had a comments box on it. These boxes are open to ANYONE to comment in, and as such hackers were using them to create new admin accounts, change admin passwords and, in the most serious of cases, execute attacker-supplied PHP code on the server. This would then grant the attacker operating-system-level access on the server hosting WordPress.
All that had to happen for this to be set off was for an admin of that page to look at the comment and hey presto! They were in.
Now, this massive vulnerability was luckily found by these white hat researchers before many black hat hackers got on to it, but guess what – now that this vulnerability is known, hackers may still exploit it because (another guess what!) 40.7% of WordPress users are STILL using version 3 of the software! (That figure is from April 2015; numbers for Nov 2014 were 86% and Sept 2014 was 90%, if you want to backdate this till then.)
That means millions (upon millions) of sites are still open to this potential threat.
So what are you waiting for? Update your WordPress site to the latest version now. You can find instructions on how to do that here, or we can help you with it.