Here’s a real world example of why it’s imperative to keep your WordPress installations up-to-date. Reuters may be a larger target than most for hacking, but hackers don’t have to target anyone in particular in their search for vulnerable sites. To find software platforms with known security issues, they simply run a script to search for sites using x,y,z versions of the software, and then run the script to take advantage of the hole. Remember, we may be talking specifically about WordPress, but this applies to all software whether it’s on a server or your desktop/laptop.In this case of Reuters, they use WordPress for the blogging platform of their site. The hack resulted in several fabricated articles posted appearing to be factual from Reuters that contained false information related to the Syrian conflicts.

The WSJ blog reported that: [quote]According to Mark Jaquith, one of the lead developers of the WordPress core, and a member of the WordPress security team, Reuters was using version 3.1.1 instead of the current version 3.4.1, which has the most recent security patches.

Jaquith said the platform includes update notifications and a self-updating feature to help customers stay up-to-date with security patches. “If organizations ignore those notifications and stay on an outdated version, then they put themselves at risk of these sorts of breaches,” he told CIO Journal in an e-mail.[/quote]

Click to enlarge

Keeping your site updated is easy, but it’s not always simple. Make sure your theme and plugins are compatible with the new version and have a current backup first. After running your updates, test the look and functionality of your site to make sure nothing broke in the process.

There are no guarantees that an updated WordPress installation will prevent hacking, but it is one of the most critical tools you have the ability to control.