Skip to main content

Websites Are Being Attacked – Time For A Security Update

By February 27, 2017March 1st, 2023Cybersecurity

WordPress is the reigning King of the Content Management Systems, and by extension, the king of much of the internet. More people use the platform than any other, and with good reason. It’s an enormously flexible platform that will allow you to build any kind of website you want with ease.

With creative use of plugins, you can add an unbelievable array of functionality to your site, but therein lies the problem.

On the web, anything that’s popular becomes a target, and that’s exactly what has happened here.

Hackers have been quick to take advantage of a newly discovered unauthenticated privilege escalation vulnerability in the code that has enabled them to fan out all across the internet and start defacing a worrying number of websites powered by WordPress.

The chief culprit that’s making this possible is the simple fact that many site owners don’t allow automatic WordPress updates, and as such, didn’t get the already-released patch when it became available.

There are some valid reasons not to use auto-updates. If your site has a high number of custom additions, an update may break some of your custom code or cause it to behave in ways you don’t expect, which could mean downtime.

That’s an understandable and quite valid concern, but the reality is that without the latest patch, your site runs a real and growing risk of being hacked.

If you’re lucky, you’ll get overlooked for a few months.

If you’re very lucky, when the hackers do turn their attention to you, all they’ll do is deface your home page, but with escalated (Admin) privileges, there’s nothing that says they have to stop there.

If they wanted to, they could download all manner of sensitive customer or proprietary data and sell it to the highest bidder. It’s just not a risk worth taking, so if you use WordPress and haven’t updated in a while, the time is now.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.