WordPress Sites Are Outdated and Vulnerable to Hacking

A Third of Top WordPress Sites Are Outdated and Vulnerable to Hacking

It’s easy to think of the web development work that goes into your new WordPress website as over-and-done once the official launch takes place. But just like any complex system, your new website requires some periodic maintenance. Otherwise, things could go sideways.

Think of it this way: You wouldn’t buy a brand new car and then never get an oil change, but a surprising number of top businesses have done the website equivalent — by not keeping their new WordPress sites up-to-date.

A new security analysis of top websites has revealed 33% of top WordPress sites are seriously outdated and vulnerable to hacks. Here’s what they found and why it’s a problem.

The WordPress Security Analysis

Earlier this month, WordPress.org released a new security and maintenance update for the WordPress content management system (CMS) platform. It’s well known that about 75 million websites are running on WordPress, and a vulnerability in one WP site is a vulnerability for all of them. Web encryption firm The SSL Store wondered how many of the very top websites in the world had updated to the new version.

The answer? Not enough. Half (49%) of top sites running WordPress had not upgraded to the latest version. And 33% were two (or twelve!) versions behind. The security firm’s methodology was to take the Quantcast Top 10,000 rankings and automatically scan the homepage of each site to check whether it was a WordPress site and, if so, which WP version it was running. Of the 17% of those top sites running WordPress on their homepage (not counting top online companies where a separate blog or e-commerce portion of the site runs on WordPress), only half (51%) were caught up.
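The same kind of homepage check can be run over a site inventory you are responsible for. This is an added example, not The SSL Store's scanner: it reads the generator meta tag that WordPress emits by default and counts how many releases behind each site is. The release list, hostnames and sample pages are constructed placeholders.

```python
import re
from html.parser import HTMLParser

# Constructed, ordered release list (oldest to newest). Placeholder numbers,
# not the real WordPress release history.
RELEASES = ["1.0", "1.0.1", "1.0.2", "1.1", "1.1.1"]

# Constructed homepages standing in for a site inventory you are responsible for.
SAMPLE_PAGES = {
    "site-a.example": '<head><meta name="generator" content="WordPress 1.1.1" /></head>',
    "site-b.example": '<head><meta name="generator" content="WordPress 1.0.2"></head>',
    "site-c.example": '<link rel="stylesheet" href="/wp-content/themes/x/style.css">',
    "site-d.example": '<head><meta name="generator" content="OtherCMS 3.2"></head>',
    "site-e.example": '<head><meta name="generator" content="WordPress 1.1"></head>',
}

class Fingerprint(HTMLParser):
    """Collects the generator meta tag and any WordPress asset paths."""
    def __init__(self):
        super().__init__()
        self.version, self.wp_paths = None, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.match(r"WordPress\s+(\d+(?:\.\d+)+)", a.get("content", ""))
            if m:
                self.version = m.group(1)
        if re.search(r"/wp-(content|includes)/", a.get("href", "") + a.get("src", "")):
            self.wp_paths = True

def classify(html, releases=RELEASES):
    """Return (status, version, releases_behind) for one homepage."""
    fp = Fingerprint()
    fp.feed(html)
    if fp.version is None:  # tag stripped, or not WordPress at all
        return ("version-hidden" if fp.wp_paths else "not-wordpress", None, None)
    if fp.version not in releases:
        return ("unknown-version", fp.version, None)
    behind = len(releases) - 1 - releases.index(fp.version)
    return ("current" if behind == 0 else "outdated", fp.version, behind)

def summarize(pages):
    """Counts mirroring the survey: how many are current, how many 2+ behind."""
    results = [classify(html) for html in pages.values()]
    versioned = [r for r in results if r[2] is not None]
    return {"versioned": len(versioned),
            "current": sum(r[2] == 0 for r in versioned),
            "two_or_more_behind": sum(r[2] >= 2 for r in versioned),
            "version_hidden": sum(r[0] == "version-hidden" for r in results)}
```

A site in the version-hidden bucket is still WordPress and still needs patching; confirm its version from the admin dashboard instead.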

That’s a big risk for those out-of-date sites to take — not only with their website, but with their users’ data, their professional reputation, and their business as a whole.

The Truth About WordPress CMS Updates

Besides the people who develop them and the security professionals who understand why they’re so important, software updates aren’t the favorite thing of most folks. Doing an update can be a bit of a chore, there is always a remote possibility that an update could break an improperly designed piece of a website, and most folks don’t understand the point behind such updates. So let me enlighten you a bit.

WordPress updates are just a part of the WordPress CMS. So far in 2018, there have already been four updates, including two important security updates. About every six to twelve months, WordPress.org releases a larger update that includes security fixes, bug fixes, and new or improved product features.

These updates don’t have to be a chore. In fact, from your WordPress admin dashboard, your webmaster or developer could set up automatic updates. That’s likely the case in the 51% of surveyed sites that The SSL Store found had updated to the brand new version earlier this month. This option is a good choice for those who really would prefer a set-it-and-forget-it website design.

There is a fear among some businesses that a new update could cause problems for their existing website. For most folks, this fear is overhyped. In 2017, there were more than a dozen updates to WP, and most websites continued to work just fine. Today’s developers know that updates are a part of life. Most such software doesn’t need any extra work to keep working after a WP update. From the developers of popular widgets and plugins, you’ll most likely get a dashboard notification to update those, if needed, before key releases of new versions of WordPress.

If certain pieces of a custom website are vulnerable to updates, your developer will have gone over this with you, usually giving you a procedure to follow or offering ongoing development support to keep your website running while also staying up-to-date.

The Important Reason WordPress Updates Matter — Security

I hope your website is running the most up-to-date version of WordPress, or at the very least, the second-most up-to-date version. Failing to do so can leave your site open to some serious security vulnerabilities.

Security expert Adam Cohen explains why WordPress users are a hacking target:

“WordPress is the number one platform globally used to build websites. With the count of the number of websites being run off WordPress in the millions, it’s also the most common platform for hackers to attack against. Because if they find any exploits, it can be replicated on hundreds of thousands of sites.”

And security expert Paul Bischoff explains why not doing the updates makes you a prime target:

“Hackers often don’t find vulnerabilities in software all on their own. When a software publisher like WordPress puts out a patch that includes a security update, it tips off hackers…If you don’t update, you’re a target. The longer you wait, the more vulnerable you are.”

The Importance of Online Security for Your Business

Many web-based businesses today don’t just handle their own information. Many also handle the address and payment info of their customers. Customers expect online businesses to keep their info safe and secure.

There’s also the element of trust. Most businesses work hard to develop trust with their clients and customers. A serious hacking attack can not only damage website files but also harm that trust.

A brick-and-mortar business would never leave the shop door open and the safe unlocked. By letting a business website fall behind on security updates, online businesses are courting exactly that kind of risk and vulnerability. Keep it up-to-date, and you’ll avoid these kinds of problems.
