Running WordPress? Stay Secure and Update Today

The latest version of WordPress has just been released, v3.1.4, so if you’re running WordPress it’s time to update. It is rediculously simple to update WordPress however many people wait several days or weeks to update potentially leaving their website privy to hackers and malware. This is one of the #1 reasons why I don’t recommend building a bunch of websites using WordPress, it can get very difficult to manage.

Since there are so many sites on the Internet running WordPress it is a constant target for hackers and blackhat SEO folks wanting to get some free link-love without you knowing about it. One of the most prevalent WordPress exploits is a spam link injection hack which puts a ton of links to someone’s site without the blog owner ever knowing, or learning about it too late when they get de-indexed by Google.

That’s right, someone can inject links into a WordPress blog and because of it Google could de-index you even though you had no idea the links were there to begin with. How can you avoid this? Well WordPress is working hard to keep their software secure and everytime they update it usually a number of exploits are patched at once.

The moral of the story? Keep WordPress up to date, a new version was just released today so if you’re running WordPress, it’s time to login and update.

{ 3 comments… add one }

  • AndyO June 30, 2011, 6:51 pm

    Greetings from Sydney, Australia!

    I’ve been following your blog for a while, and am a big fan!

    I was wondering if you’re still primarily using HostGator? I can see the HG ad still on the bottom of this site, and your DNS servers for this domain still point to HG, but I recall a previous post about you moving to RackSpace…

    I have been tempted to move some of my projects over to HG but have been very wary (there’s a lot of manual work involved!) due to conflicting reports of stability and uptime, and also since you posted that you had issues with them.

    I’m also not too big a fan of their CPanel implementation throwing all ‘addon domains’ as domains mapped to subfolders of the primary domain – Big security issue if you ask me, if the primary site gets hacked, not to mention it creates a heap of messy DNS records for the primary domain – I like to keep my stuff ‘isolated’ as much as possible.

    What are your current opinions of them?

    Reply
  • Scott Bender June 30, 2011, 6:52 pm

    Morgan:

    One of my web guys / SEO experts has been telling me about the problem using Wordpress as a web site because of the patches, updates and issues with hacking.

    Glad to see something about it in your blog.

    Best,

    Scott Bender

    Reply
  • RIchard Douglas June 30, 2011, 8:59 pm

    Morgan,

    It is a myth that updating to the latest Wordpress version is always the right thing to do. There have been several patches over the years that fixed one problem and opened 3 new ones.

    The best way to manage Wordpress is the secure it so that if there is a hole found, your security settings will save your sites. Security comes at the cost of convenience though, and most people are lazy. 😉

    I’ve written about it here:

    http://toomanysecrets.com/wordpress-security-tips/

    – Richard

    Reply

Leave a Comment