In the world of website content management systems, WordPress is king. As far back as 2012, Fortune magazine anointed WP ruler of the Web, and its number of installed platforms now exceeds 70 million. So a logical question is “What does it mean to be one of 70 million in terms of website security?”
Well, in cyber-security, as in many industries, Shakespeare’s line “Uneasy lies the head that wears a crown” is often applicable. So it’s important to recognize that dominant market share makes an inviting target for criminals. Exploit writers follow the money, which, for them, lies in hacking vulnerable website code. The more vulnerable applications in distribution, the more profit they see.
Hackers use WP sites – revenue-generating and fan-based alike – to carry out criminal activity ranging from malware distribution to data theft and more. At 6Scan, we see an inordinate number of sites unwittingly inviting attacks with virtual “Hack Me” signs. Of the WP sites on our scanning platform (as of January 17, 2014), fewer than 20% were using the current version (3.8) and approximately 25% were running versions that are more than one year out of date (see chart for full breakout). Hackers love out-of-date applications, which they regard as low-hanging fruit, because their vulnerabilities are well known and exploit packages are available for purchase. So before doing anything else, 6Scan urges WP site owners and administrators to install the latest version of WP. Strengthening sites across the board – all types – is good for the individual as well as the WP community in general.