(Ping! Zine Web Tech Magazine) – WordPress is the most popular Content Management System on the web. The most recent version of the software has been downloaded 12.5 million times. It is free for anyone to download and use, and is a versatile and easy to use system that allows anyone to build and maintain a website. It is estimated that 16% of the world’s top one million websites use WordPress.
Version 3.5 of WordPress was downloaded 60 million times, however the most recent version has been downloaded only 12.6 million times, meaning 80% of WordPress installations are not using the latest version of the system. Creative Development found in a recent study that a large portion of websites are using even older versions of the system. This makes them very vulnerable to specific cyber attacks. Older versions of the core system have known vulnerabilities, which allow a malicious user to enter the system, make changes, or even steal a user’s details.
The core system is always being updated by the WordPress community, however individual website owners have to install updates on their own website themselves, and many businesses either don’t know how to update their installation, or forget to.
The popularity of the system increases the risk the system will be a target for hackers. All web platforms have vulnerabilities, and can be attacked by malicious agents, however WordPress has had some specific vulnerabilities that have been exposed by hackers over the last few years. These vulnerabilities have been fixed on new versions of the platform, but older versions are still open to attack.
If a website is hacked, initially there is no indication the website is vulnerable, only special software can detect if a website has been compromised. During this initial few hours the website is most dangerous. Customers’ details or business information could be stolen, viruses could be passed on to anyone who visits the site, or even other sites on the same server could be attacked.
The first sign, for most businesses, that their website has been hacked is when it is already too late. If one of Google’s spiders finds a compromised site, the search engine will usually post a warning in the search results, and notify user’s with a bright red page in their browser. This will obviously turns many users away, causes businesses to lose customers.
The most effective prevention is to keep a WordPress installation up to date. In most cases, an update can be carried out through the administration panel, and there are notifications that help website owners through the process. Some custom websites cannot be updated in this way, and require a manual upgrade. Once a website is hacked, the only real option is to carry out a fresh installation of the theme and the core, and possibly complete removal of all files from the server. In some instances expert help is required.
“A WordPress expert can help a business prevent an attack, and help with recovery,” said Robert Steers, owner of Creative Development. “They can make sure an installation is up to date and has the latest protection against attack.”
“Software is available that monitors a site 24 hours a day, and regular backups will help a business get running again quickly if it is attacked. No website is 100% secure from malicious agents, however vigilance is key, and a good developer can help prevent most attacks.”
About Creative Development
Creative Development is a Sydney web design and marketing agency specialising in WordPress. Over the last ten years they have created websites from end to end for clients in a range of industries, from distributors to consultants, selling building products, real estate and recruitment. Their campaigns use a variety of methods, including Google Adwords, SEO, Direct Mail, Web Design and eCommerce.