Latest News

October 7, 2013

Users Not Updating with WordPress Patches Say UK Specialist Security Consultants

wordpress-security

Failure to patch leaves many WordPress sites vulnerable but, then again many WordPress users find that some plugins fail to work and in general are happy that the version they’re on is working fine.

Analysis by WP WhiteSecurity and EnableSecurity, specialist security consultancies in the U.K. are finding that, poor updating and sometimes no updating is leaving large numbers of WordPress websites open to exploitation in cybercriminal campaigns.
The study of 42,106 WordPress sites listed in Alexa’s top one million in a three-day period earlier this month, found that an astonishing 74 versions of the software in use, only 18.5 percent of which had updated to the latest version, 3.6.1.

The study was carried out on September 12, only one day after release of that newest version; but but the prevalence of older versions is still stark. A total of 6859 sites were using version 3.5.1 (which has eight documented vulnerabilities); 2204 were using version 3.4.2 (12 vulnerabilities); and 1655 were using version 3.5 (ten vulnerabilities).

“This means that 73.2 percent of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools,” the WhiteSecurity report states. “It takes a malicious attacker only a couple of minutes to run automated tools that can discover such vulnerabilities and exploit them.”

A Trend Micro analysis earlier this month put some figures on the scale of what has been happening, with one backdoor campaign compromising as many as 100,000 domains in a single week.

Be Sociable, Share!

The following two tabs change content below.

avatar

Dave Thornton

Senior Editor

Senior Editor
Been involved in technology for many years, more than I care to remember. Live in Dundee, Scotland. I like Android, Windows Phone OS, BlackBerry OS and iOS, and love writing about all things techie. Currently have a Honor 6+, Elephone P6000, Nexus 5, Chrombook C720, HTC One M7, Nokia Lumina 625, Microsoft Lumia 435, Blackberry Q10, HTC Hero and iPad mini