Running an old version of WordPress allowed hackers to gain entrance.
We hear it all the time: it is very important to keep your software up to date. We run antivirus software on our computers that is updated daily, and sometimes more than once a day. The threats that we face seem to be continually growing, and if we do not keep our software at its current version, we could get hacked. It seems that is exactly what happened to Reuters and their WordPress site.
As is being widely reported, they were running WordPress 3.1.1 instead of the current 3.4.1, which is the most recent, security-patched version. Version 3.1.1 was released in April 2011 and is not the latest version of WordPress. Since that time, 11 newer versions of the software have been released, and the developers are always working to improve and fix things. The next version is scheduled for release in December.
If you are responsible for a self-hosted WordPress site, you are reminded to upgrade to the latest version of WordPress each time that you log on to the dashboard. They make it so easy to apply a newer version of WordPress that it is a big surprise Reuters did not, as ZDNet commented:
This is a textbook mistake. You should always be using the latest version of your software, especially if you’re a major company that is often targeted by hackers. WordPress is, in particular, a popular attack vector for cyber criminals. While there is no guarantee that the hackers exploited an unpatched security hole in WordPress to access Reuters’ blogging platform, it’s more likely given this new information.
This could almost be considered a rookie mistake if it were not for the size of the company. Some are even speculating that they are still running an old version of WordPress on their site, even after being hacked. If this is correct, it would indicate that Reuters has made heavy modifications to the open source software to meet their needs and create a unique site. That would require migrating all of that code to the most current release, which would be a time-consuming activity for them. After this most recent hacking event, they do not have too many other options going forward.
I took some time and went out to blogs.reuters.com and in a matter of minutes was able to determine they are still running WordPress 3.1.1. All I had to do was to look at the page sources and then search for “WordPress” and there it was. The report about this is accurate and they are still on the version which was hacked and let someone gain entrance to the blog and post material. Leaving this situation in place is not a good idea as it encourages others to try and hack the site.
They have been hacked and because they are still running an older version, hackers know exactly what to target in an effort to gain access to their site. For everyone out there who has a WordPress site, make sure that you are running the most current version of WordPress and you have updated all your plugins. It is critical that you take these simple steps to protect yourself and your site from hackers.
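Site owners can run the same page-source check against their own pages. The following is an added example, not part of the original post: it reads the version from the `generator` meta tag and compares it with the current release named above. The sample pages are constructed, and the names `generator_version`, `as_tuple` and `audit` are hypothetical.

```python
from html.parser import HTMLParser
import re

CURRENT_RELEASE = "3.4.1"  # current version named in the post

# Constructed sample pages (not copied from any real site).
PAGES = {
    "/": '<head><meta name="generator" content="WordPress 3.1.1" /></head>',
    "/news/": '<head><META NAME="Generator" CONTENT="WordPress 3.4.1"></head>',
    "/about/": "<head><title>About</title></head>",  # generator tag removed
}

# Records the version from <meta name="generator" content="WordPress x.y.z">.
class GeneratorFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.version = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.match(r"\s*WordPress\s+(\d+(?:\.\d+)*)", a.get("content", ""))
            if m and self.version is None:
                self.version = m.group(1)

def generator_version(html):
    finder = GeneratorFinder()
    finder.feed(html)
    return finder.version

def as_tuple(version):
    # Pad to three parts so that "3.4" and "3.4.0" compare equal.
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(pages, current=CURRENT_RELEASE):
    report = {}
    for path, html in pages.items():
        found = generator_version(html)
        if found is None:
            report[path] = "not disclosed"
        elif as_tuple(found) < as_tuple(current):
            report[path] = f"outdated ({found} < {current})"
        else:
            report[path] = f"current ({found})"
    return report

if __name__ == "__main__":
    print(audit(PAGES))
```

A "not disclosed" result only means the tag is absent from that page; it says nothing about whether the installation behind it is patched.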