If there is a God of the digital world, WordPress might as well be it. It is considered by the masses as the “go-to” tool for website or blog creation—and as an internet platform, it powers a staggering one third to one half of all websites in existence, stealing a substantial portion of market share and dwarfing the successes of competitors like Drupal, Blogger, Joomla, and SharePoint. For those that love the grit—WordPress is the leading open-source Content Management System (CMS) that assists you in the management of your website and its content—and without the user needing to have a degree in programming! Licensed under GPLv2, WordPress software is free to use, easily modified, and instantly installed on to your device in just five minutes.
First released in 2003, WordPress has developed and evolved at some pace over the past 15-years—leaving an unimaginable impression on the internet. Open Hub’s Project Cost Calculator estimates that it took the equivalent effort of 112 people years to create the fundamentals of WordPress, an undertaking that encompassed 423,759 lines of code and required project funding of more than $6 million—and with its entire operation globally managed across 51 countries by just 532 employees.
Just last month, in October 2018, netcraft published survey results stating that the estimated number of active websites currently sits at more than 172 million and potentially, up to half of those are using WordPress. It now operates under version 31 called “Vaughn” with WordPress.org reporting nearly 18 million downloads of this version alone. Still statistic hungry? There’s plenty—WordPress is available in 52 languages and powers multiple Fortune 500 companies including Walt Disney, Microsoft, and Sony Music. It swanks 175 million page views and more than 41 million user publications per month, along with 60 million user comments and 409 million monthly viewers. And as of November 14, 2018, it beats Alexa’s global website ranking of 58.
No Vaccination For Immunity
Bucket loads of fresh, dynamic communication and data is coinage of the internet, and there is no better way to draw traffic than to write about something that is—well— already drawing traffic. Plugins support this process by allowing you to increase the functionality of your website and stay competitive through the adding of new features, just like apps do for your smartphone. We wouldn’t blame you for thinking that the WordPress platform of such magnitude, devoted spends, and with years of growth must be immune to hacking vulnerabilities —oh how we wish that were true.
WordPress.org currently offers 48 thousand free plugins, with countless others available from various providers, and more still to choose from buy specialized developers, often referred to as “premium plugins.” But they can, in a similar way to a downloadable app, leave our systems vulnerable to attack.
A WordPress General Data Protection Regulation (GDPR) plugin was recently discovered to contain vulnerabilities that meant a hacker could win control of a website and proceed to threaten tens of thousands. The particular version of this plugin comprised vulnerabilities that allowed hackers the ability to intercept and infect exposed sites. WordPress.org advise those with this plugin to immediately update to the latest version (1.4.3, correct of 11/16/18) or if this is not possible, to deactivate and remove it.
Just like any machine-ware, optimum functionality is maintained through regular servicing and updates. You wouldn’t run your mower for 10-years without stopping to sharpen the blades or replace the safety shield, but to our detriment, we can often assume a different mindset when it comes to the security of our hardware, applications, and WordPress site security.
Under The Spotlight
2018’s analysis of top security websites found that a third of leading WordPress sites were running with outdated security. Nevermind that WordPress.org regularly issues security and maintenance updates; we have seen four updates this year already. Of the estimated 75 million websites that use WordPress, nearly half of the most prestigious websites across the globe have not updated to the current version, consequentially leaving themselves open to vulnerabilities threatening the data of their users—and subsequently, their business reputation.
But let’s not prevaricate. Setting aside time for software updates is about as enthralling as watching grass grow, but we must bring home the importance and recognize the real consequences of noncompliance—and more importantly, remember that sophisticated technology these days allows us to schedule or consent to automatic updates, so there is really no excuse for outdated software.
Don’t Fall Victim
As a platform for the world’s biggest public network, WordPress is massive. As official numero uno, it’s directly linked to millions of websites. And, of course, all of these factors make WordPress a likely target for cyber attacker seeking exploits, as they can instigate a process of replication across thousands of sites, a truly terrifying thought. Failing to install updates makes you a primary target, and contrary to what we might think, hackers rarely locate software vulnerabilities by themselves. When a software publisher informs its users of a set of changes to a computer program such as a security update and known as a “patch,” It notifies hackers. So, if you don’t act, you become incredibly susceptible, and the more time that passes without action, the more vulnerable you become. WordPress might well be the God of cyberspace, but if you consider your digital-God to be unbreakable, wholly armored against attack, and immune to devastation, you could not be more wrong.