Poor updating and sometimes no updating is leaving large numbers of WordPress websites open to exploitation in cybercriminal campaigns, according to an analysis by WP WhiteSecurity and EnableSecurity, specialist security consultancies in the U.K.
The study of 42,106 WordPress sites listed in Alexa's top one million in a three-day period earlier this month, found that an astonishing 74 versions of the software in use, only 18.5 percent of which had updated to the latest version, 3.6.1.
The study was carried out on September 12, only one day after release of that newest version; but but the prevalence of older versions is still stark. A total of 6859 sites were using version 3.5.1 (which has eight documented vulnerabilities); 2204 were using version 3.4.2 (12 vulnerabilities); and 1655 were using version 3.5 (ten vulnerabilities).
"This means that 73.2 percent of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools," the WhiteSecurity report states. "It takes a malicious attacker only a couple of minutes to run automated tools that can discover such vulnerabilities and exploit them."
To read this article in full or to leave a comment, please click here
ConversionConversion EmoticonEmoticon