WordPress is arguably the most popular web development platform out there. Not only is its popularity soaring, it’s also easy to use, has a modern and fully customizable CMS (Content Management System), and is reliable and supported by communities around the world. It’s no surprise that millions of websites are on WordPress.
What’s also no surprise? That it’s prone to attacks. Recently, some 20 attackers defaced thousands of WordPress websites. If you think 20 attackers is frightening, wait ‘til you read more.
WordPress attacks by the numbers
In 4 separate attacks, an estimated 40,000 websites were compromised and 67,000 web pages defaced, a number that has quickly gone up to 1.5 million. A security release update, WordPress 4.7.2, was immediately launched to mitigate the flaw, but not everyone was able to deploy it on time, thus inflating the number of corrupted web pages.
Although WordPress took measures to ensure that the vulnerability would go unnoticed, hackers found a way to get around the initial fixes and exploited the sites that remained unpatched. Those who haven’t applied WordPress’s latest security release remain at risk.
Fixes have been deployed and stronger patches are in the works, but hackers do not just sit around and wait to be taken down. In fact, more attacks are being launched concurrently with security developers’ attempts to strengthen blocking rules.
In preparation for further exploits, WordPress liaised with cybersecurity firms to implement protective measures. Google did its part by announcing via Google Search Console the critical security updates that webmasters must install to protect against the WordPress-specific attacks. Meanwhile, web application vendors and web hosting companies are poised to protect their customers from attacks by installing web filters on their customers’ web servers.
Despite these measures, the attacks are expected to continue. Security patches that can effectively alleviate the vulnerabilities’ impact will also take time to develop and launch.
The importance of patches
Some attacks may cause a blip on your business’s networks, while others might cause its demise. From all these attacks, one lesson is worth emphasizing: Applying the most up-to-date patches is critical to your systems’ security and business’s survival.
Unpatched systems are the easiest targets for hackers who are always on the lookout for vulnerabilities to exploit. If your organization lacks the capacity to manually update security patches, consider deploying patch management software. Be aware that not keeping all your software updated is foolhardy and can cost you dearly.
WordPress remains the most widely used website development platform, and its popularity is not going to wane anytime soon. We love WordPress, but keep it updated!
If your website runs on WordPress and you’re considering security options that will ensure your company is poised to handle breaches, give us a call for advice.
Bob Milliken is the TheITguy@CascadiaSystemsGroup.com specializing in helping businesses with their IT needs. Discover how great local IT services can be. 604.270.1730.