WordPress security issues are increasing as WordPress developers add new features, improve performance, and enhance existing features to stay up to date with new industry standards. By not using the most recent version of WordPress, companies are risking website security and missing out on new features and improvements. Running older versions of WordPress or older versions of WordPress plugins is software with known security vulnerabilities.
Recent data from the Quantcast top 10,000 shows a substantial number of sites using WordPress are not running the most up to date version. Why are they not securing their WordPress site?
They’ve disabled the auto-update so that they can verify that their plugins will work in each new version before updating, but they have not made it a routine to regularly check for updates and they are unaware that there is a new WordPress version.
They assume that the WordPress will automatically update to the newest version on its own, and when WordPress version 4.9.3. dropped in November 2017, it broke the auto-update, they haven’t manually checked to make sure that they are on the most recent version, and they are unaware that there is a new WordPress version.
They’ve disabled the auto-update and choose not to upgrade because they’ve bought a plug-in that is key to their business, but is not compatible with the updated WordPress version, and they don’t have time to find a new plug-in with the functionality they need.
You just have to look back to February 2017 for an example of the potential risks of not staying up to date. 66,000 WordPress sites that missed a zero-day patch for one of the three reasons above were compromised a week later when an API security hole was exploited.
Contact US Cloud to discuss outsourcing monitoring, patching, and backups, as well as dedicated WordPress hosting.