Reuters May Still Be Running Outdated WordPress
The popular online news service Reuters is still running an outdated version of WordPress, in spite of having recently been the target of a hacking attack.
Last week, Reuters saw their blogging platform attacked, and compromised websites had fake blog posts put up on them, including a supposed interview with the leader of the Free Syrian Army.
Mark Jaquit, one of WordPress’s lead developers, claims that Reuters had been running WordPress 3.1.1 at the time of the attack, while the recommended version of WordPress was 3.4.1, There are several reported vulnerabilities in Version 3.1.1 and users of WordPress that are running an outdated version of WordPress are warned when they log in to their control panel.
The blogs were all taken offline shortly after the attack took place, but the sites have since been brought back online. Jaquit has expressed concern that the sites may have been cleaned up, but not updated after the attacks took place.
WordPress has a self-updating feature that works with most popular hosting services, and should make it easy for website owners to stay up to date. The CMS developers release regular updates to patch bugs, improve security, and add new features, and users should be able to upgrade with just a few mouse-clicks, whether they are experienced web developers or not.
It’s important that website owners keep their sites up to date, as even small vulnerabilities can be exploited to steal passwords, inject malicious code, and cause the kind of problems that Reuters have faced. If you are a website owner, and have concerns about the version of WordPress you are running now, take a backup of your site and update as soon as possible to ensure that you are as well protected as possible.