
“73%” of WordPress sites vulnerable to attack
February 14, 2016 – 08:13 am

A recent investigation has concluded that 73% of the 40,000 most popular websites that use WordPress software are vulnerable to attack.

The research, carried out by vulnerability researchers EnableSecurity and reported by WordPress security outfit WP WhiteSecurity, was conducted between Sept 12 and Sept 15 shortly after the release of the WordPress 3.6.1 Maintenance and Security Release.

WordPress is the most popular blogging and Content Management System (CMS) in the world and, according to WordPress founder Matt Mullenweg, it powers one in five of all the world’s websites.

As with any research of this kind we should apply a big pinch of salt.

In fact in this case we don’t need to supply our own salt because the research actually comes self-salted thanks to this hilarious rider at the bottom of the article:

The tools used for this research are still being developed therefore some statistics might not be accurate.

You have been warned.

So if the numbers might be wrong why am I bothering to reproduce them here? Because (in my opinion) they are probably true (well true-ish) and even if they aren’t they still highlight an important security issue which isn’t diminished one iota by their sketchiness.

As long as we go into this with our eyes open we’ll be fine.

The research did no more than set out to discover what versions of the popular CMS are in use by the top 1 million websites.

This singular focus is with good reason: the first rule of WordPress security is always run the latest version of WordPress.

If you aren’t running the very latest version of WordPress then the chances are you are running a version with multiple known vulnerabilities – bugs that criminals can use to gain a foothold on your system.
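The same version check can be run against installs you administer. The sketch below is an added example, not part of the original article or the researchers' tooling: it reads `$wp_version` from each install's `wp-includes/version.php` and flags anything older than a baseline. The 3.6.1 baseline is simply the release the article names, and the function names and sample installs are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

BASELINE = "3.6.1"  # release named in the article; substitute the current one
_WP_VERSION = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse_version(text):
    """'3.6' -> (3, 6, 0, 1); a pre-release like '3.6.1-beta1' sorts below '3.6.1'."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None                          # not a recognisable version string
    nums = [int(p) for p in m.group().split(".")]
    nums += [0] * (3 - len(nums))            # pad so that 3.6 == 3.6.0
    is_release = 1 if m.end() == len(text) else 0
    return tuple(nums) + (is_release,)

def installed_version(wp_root):
    """Read $wp_version from wp-includes/version.php; None if missing or unreadable."""
    try:
        text = (Path(wp_root) / "wp-includes" / "version.php").read_text(errors="replace")
    except OSError:
        return None
    m = _WP_VERSION.search(text)
    return m.group(1) if m else None

def audit(roots, baseline=BASELINE):
    """Map each install root to ('current' | 'outdated' | 'unknown', version)."""
    floor = parse_version(baseline)
    report = {}
    for root in roots:
        version = installed_version(root)
        parsed = parse_version(version) if version else None
        if parsed is None:
            status = "unknown"               # not WordPress, or version file removed
        else:
            status = "outdated" if parsed < floor else "current"
        report[str(root)] = (status, version)
    return report

def demo():
    """Audit four constructed installs created in a temporary directory."""
    samples = {"blog": "3.6.1", "shop": "3.5.2", "legacy": "3.6.1-beta1", "static": None}
    with tempfile.TemporaryDirectory() as tmp:
        for name, version in samples.items():
            inc = Path(tmp, name, "wp-includes")
            inc.mkdir(parents=True)
            if version:
                (inc / "version.php").write_text(f"<?php\n$wp_version = '{version}';\n")
        return {Path(k).name: v for k, v in audit(Path(tmp, n) for n in samples).items()}
```

Versions are compared as integer tuples rather than strings, because a string comparison would rank "3.10" below "3.6.1".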

EnableSecurity’s scan of Alexa’s Top 1,000,000 discovered that 41,106 websites were running WordPress, a little over 4%.

They then determined that of those websites at least 30,823 were running versions of WordPress that have known vulnerabilities. From this they concluded that

73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools.

Add your salt now.

Even if we take it as read that 73% of the sites are running vulnerable versions of WordPress we still can’t conclude that 73% are in fact vulnerable. There are common security strategies that the researchers didn’t test for, not least using a Web Application Firewall (WAF) that can put up a protective shield in front of vulnerable websites.

By the way, the first rule of WordPress security, always run the latest version of WordPress, holds true even for sites running behind a WAF. They are not mutually exclusive and should be considered as separate parts of a strategy of defence in depth.

In addition to skipping over reasons why the 73% might be a little on the high side the study also leaps acrobatically past a totally different set of reasons why it might be a bit on the low side.

The limited scope of the research meant that it didn’t account for other forms of automated attacks against WordPress installs such as targeting weak passwords or flaws in popular plugins.

As diaphanous as the study’s precision might be, the broad thrust is correct and it contains a useful message; users of WordPress need to be diligent about security because they are using software that is popular enough to be of interest to criminals who conduct large-scale automated attacks.

10 ways to keep your WordPress site secure

If you are running a website that uses WordPress here are 10 suggestions to help you avoid ending up in the 70% (or whatever large number it is) of vulnerable sites.

  • Always run the very latest version of WordPress
  • Always run the very latest versions of your plugins and themes
  • Be conservative in your selection of plugins and themes
  • Delete the admin user and remove unused plugins, themes and users
  • Consider hosting with a dedicated WordPress hosting company
Source: nakedsecurity.sophos.com