Several sources reported yesterday that WordPress runs on a whopping 30% of the top 10 million most popular websites on the entire Internet. Also, WordPress currently powers 60.2% of those websites that run a Content Management System (CMS). One of the sources notes that my alma mater, UNC-Chapel Hill, has recently moved its website to WordPress!
This means several things:
- WordPress has a very high brand recognition.
- WordPress is powerful enough to run some of the most popular websites.
- WordPress is secure enough to run some of the most popular websites.
- WordPress continues to grow in popularity.
This is great news! It’s also chilling news. Why?
Just as we have seen with Microsoft Windows over the years, being the “800lb gorilla” means that a lot of hackers are going to take aim at discovering and exploiting vulnerabilities. And just because WordPress is powerful and secure enough to run some of the most popular websites doesn’t mean that all of those WordPress installations are as secure as they can be, including running the most recent version. And there’s the rub.
Plugins and Themes are the most vulnerable vector for malware attacks. The WordPress Core is secure… very secure… at least the most recent version is. And that is true with every new version of WordPress. Automattic, the company that writes and maintains the WordPress Core, pushes out minor updates of the Core files very quickly whenever a new vulnerability is discovered in the WordPress Core. So long as the website administrator has enabled automatic updating, the website will be secured when the update rolls out. That was until the February 5, 2018 release of WordPress 4.93. The day after 4.93 was released, 4.94 followed to fix a “serious bug” in 4.93 that disabled automatic updates.
But if your WordPress website administrator hasn’t run the 4.94 update, your website will never be automatically updated! Never.
Unfortunately, many people who have written Plugins and Themes are not as diligent with their updates as Automattic is; some developers have completely abandoned their Plugins or Themes, either because they aren’t around anymore, they aren’t writing code anymore, or they don’t care anymore. If there is any exploitable code in the Plugin or Theme, all a hacker needs to do is find the website and load it with malware.
“But why would anyone want to hack my website?” I can tell you that many of my websites — even those that have very few visitors every month — are probed for vulnerabilities more often than they receive legitimate visitors! I have witnessed this nefarious probing increase a great deal in the past few weeks on all of the websites that I maintain.
Unless you have a static HTML “business card” website that very rarely has changes, you need to step up to the WordPress platform! WordPress allows you to make your own content changes, letting you keep more of your money since you don’t have to call a “web guy” and pay him/her anytime you need to make content updates. Please contact me! Let me save you some serious money!
If your website is already running on WordPress and you don’t know if you’re running the most recent version of the WordPress Core, Plugins, or Themes, please contact me! Your WordPress website may already be infected with Malware!
Let me take a FREE quick look “under the hood”. If I find something, it may need a quick fix, and for a small fee ($30) for the small fix, you’ll be on your way (and I’ll even install some security measures to protect your website in the future!). If it’s more involved and needs a larger fix, we’ll need to talk for a few minutes about how much (or little!) I’ll need for the larger fix. I also offer WordPress Maintenance packages that keep things updated for an entire year. Contact me if you’re interested!
WordPress is now powering 30% of the web. How high will it go?