Much like the hundreds of discarded satellites and assorted rocket pieces that circle the planet high above our heads, the Internet is littered with junk. I'm not talking about people taking pictures of EVERY single meal that they sit down to eat. Rather, I mean broken and/or forgotten websites. For the last couple of days I've been sailing along the tubes of the Internet looking for broken sites and there is no shortage.
Wordpress implementations come to mind. Nothing against Wordpress, but I'm familiar with that software. I have been using it for years now. So it's natural for me to pick on them…er…select them as my first port of call, shall we say?
Patching, for some reason that continues to elude me, is hard. Wordpress is no exception to this rule. Now, when I say that I don't mean the Wordpress organization itself. I mean the people running these sites. This isn't a stand-it-up-and-forget-about-it type of platform. By that logic no software is, to be fair.
I did some searches for old Wordpress implementations. I had no trouble finding thousands of them. It comes as no surprise why we constantly read about websites being compromised when there is no shortage of opportunity presented to even the casual attacker.
In my initial search I found this,
This particular gem was released by Wordpress May 14, 2004. Almost 10 years ago. I found another site which was running version 2.9 for a large US university. That particular release came out December 19, 2009. Curious as to when your revision was released? Wordpress.org maintains a list of every iteration and the date they came out. Example,
There isn't a good reason for this poor site hygiene. In the Wordpress case, as an example, open the admin panel, select Dashboard > Updates, and you will be presented with this,
Assuming that you're on a version that is remotely current. Notice that security updates are automated now. Nice touch. Be sure that you're at the latest revision and if not upgrade. All necessary caveats in place. Take backups et cetera. If you have a website of any description make sure that the underlying software is current.
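For anyone looking after more than one site, the same check can be run across a whole web root. This is an added example, not code from the original post: it reads the `$wp_version` line that WordPress keeps in `wp-includes/version.php` and lists installs that are behind. The release table holds only the 2.9 date quoted above, and the "current" version, the audit date and the site names in `demo()` are constructed sample values.

```python
import re
import tempfile
from datetime import date
from pathlib import Path

# Constructed table: only the 2.9 date comes from the post. Fill the rest
# from the release list on WordPress.org.
RELEASE_DATES = {"2.9": date(2009, 12, 19)}
# WordPress stores its version in wp-includes/version.php as $wp_version.
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def version_key(version):
    """Turn '3.8.1' into (3, 8, 1); trailing zeros dropped so 3.0 == 3.0.0."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in m.group(0).split(".")] if m else []
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def find_installs(root):
    """Yield (install_dir, version) for every WordPress tree under root."""
    for vfile in sorted(Path(root).rglob("version.php")):
        if vfile.parent.name == "wp-includes":
            m = VERSION_RE.search(vfile.read_text(errors="replace"))
            if m:
                yield vfile.parent.parent, m.group(1)

def audit(root, current, today):
    """Return (path, version, age_in_days or None) for stale installs, oldest first."""
    findings = []
    for path, version in find_installs(root):
        if version_key(version) >= version_key(current):
            continue  # already at or past the version the operator named
        released = RELEASE_DATES.get(version)
        age = (today - released).days if released else None
        findings.append((version_key(version), str(path), version, age))
    return [f[1:] for f in sorted(findings)]

def demo():
    """Audit a constructed directory tree; versions and dates are sample values."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("campus-blog", "2.9"), ("shop", "3.8.1"), ("new", "3.9")):
            inc = Path(tmp, site, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        return [(Path(p).name, v, a) for p, v, a in audit(tmp, "3.9", date(2014, 4, 1))]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

An age of `None` means the version is behind but missing from the release table, so the table needs that entry before the age can be reported.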
When you're on the Internet no one might know that you're a dog. They will, however, happily provide you with a free penetration test. The report will no doubt end up here or a similar publication.
Don't run aground.
(Image used under CC from ?perras1d)