WordPress News:33% of WordPress Sites are facing Security Risks for being at least 2 Versions Behind!

Are you wondering why you must regularly update your WP site? If yes; read on! After reading this post, you will not only understand the significance of keeping your WordPress site updated but you will also understand how you are providing a golden chance for hackers to steal your site’s data.

To your surprise, there are around 33% top WordPress sites that are still facing security risks for being 2 versions or more behind!

The numbers clearly tell us that anyone who is not updating the WP site is simply putting their site and all of its data at risk. While this is not something to be scared of but you must realize that security is not solely dependent on the software. In fact, security is complicated and one way to ensure it is to keep a check on your site while updating it regularly. Also, you cannot eliminate the security risk absolutely asthere is no such term as absolute security but yes you can mitigate the risk of a security breach from time to time management.

Quantcast Top 10,000 Survey Revealed a Need for Critical Updates

As we know about the new update to WordPress version 4.9.5, a research was performed to check how quickly WP sites are updating, including how many of these sites are still many updates behind. For this Quantcast top, 10,000 sites were crawled and it was found that more than 50% of sites were either not updated to the latest WordPress version or even multiple updates behind.

As per the disconcerting results; around 49% of WP sites were found running without updating to the latest version while 33% were found to be multiple updates behind. It is an undeniable fact that WP sites that are failing to stay updated with new releases are nothing but a huge concern. They are one of the best and most common platforms for hackers to easily attack against. After all, as soon as they get any exploits, it may easily be replicated on thousands of sites.

In other words, such sites play fast and loose with well-recognized vulnerabilities and this is exactly what any site would need to get hacked.

So before we dig deeper into the research findings, let us first have a look at; what these sites are actually missing out while running an older version?

Well, WordPress is free of cost platform. With every new release, the developers aim at fixing bugs, improving performance, adding new features and enhancing existing features to remain up to date with all the industry standards. In other words, when a site owner fails to update the WP site, majorly they risk the site security that is unarguably the most significant reason,for which, you must keep the WordPress site updated. Due to WordPress immense popularity, it is the most common target for malicious code distributors, professional hackers,and data thieves.

Any site that fails to stay updated alsomisses out all the new and cool features that each WordPress release offers. For instance, WordPress 4.0 offered enhanced plugin installationexperience, 4.1 offered inline image editing and 4.2 introduced faster plugin updates.

In addition to that WordPress developers always intend to make things faster. With every new release come the numerous performance improvements which helpWordPress to run faster and in a much efficient manner.

Last but not the least, regardless how rigorously you test the major releases of WordPress, oftentimes; bugs easily slip through the cracks. That is exactly why you get timely yet minor WordPress releases to fix these bugs. For example, the recent WordPress update 4.2.3 fixed almost 20 bugs right from the 4.2 release.

So if your WordPress site is multiple updates behind, now you must have got the idea of what you are actually missing out and how vulnerable it is. For your better understanding, let us now discuss the key findings of Quantcast Top 10,000 survey!

Key Findings and Methodology of Quantcast Survey

The survey was performed by designing a tool that crawled through the homepages of each site in the Quantcast Top 10000. To get the most accurate results, the survey was conducted on 5th April – 2018, right after two days of WordPress release 4.9.5. This means that each site has already received around 48 hours to get updated to the latest version and if any site is configured to get updated automatically, it would have already updated by then.

Owing to the time-consuming nature and complexity of the scan, the survey was only conducted for the homepages. Considering the Quantcast Top 10,000, around 17% of site homepages were actually running on WP. Not to mention, the number of sites that are using WP for running other portions of sites including blogs are obviously much higher.

As per the key findings of the survey;

  • 17% of Quantcast Top 10000 sites run majorly on WordPress
  • 50.93% of these sites were found running the most secure and latest version
  • 49.07% of websites were not running the WordPress latest version
  • 33.58% of websites were found at least 2 updated behind

Reasons Why Site Owners Forego WordPress Updates

There is one major reason why many site owners’ don’t update their WordPress site. Regardless how much we emphasize the importance of keeping yourWordPress site updated, the fundamental reason why site owners forego the idea is because they worry about impacting the stability of their site.

For instance, WordPress plugin might stop working. This happens when you do make changes to the theme but don’t incorporate these changes into the child theme.These changes may get wiped in the upcoming update. Also if you run an online business, the prospect of downtime may seem a lot more costly than facing the risk of attack or malware.

Regardless what reasons a site owner may have, it cannot be emphasized enough that your WordPress site is in need of constant attention. As per the Ken Dawes– a senior WordPress expert;

One of the biggest problems in terms of WP security is making people realize that maintaining a WordPress site is like taking care of your pet. If you fail to take care of their grooming, feeding, vaccinations and other requirements, you are likely to face severe problems.

As a matter of fact, as we speak of taking care of your WordPress site, this means ensuring regular update to the latest version while also keeping all of your plugins up to date as well. For this, you need to find a service provider that not only take care of your WordPress Security but also keep your site updated.

Hackers Don’t Find Vulnerabilities on Their Own

As discussed earlier, the WordPress releases are aimed at providing new features and to improve the security that is obviously critical to any site. However, what we fail to realize is the fact that cybercriminals also keep an eye on everything that is getting fixed. In fact, these hackers don’t really find these vulnerabilities all by themselves but we provide them this chance by not updating to the latest update.

Whenever WordPress puts out a patch that may also include a security update, this tips off cybercriminals to the fact that vulnerability is likely to exist on a WP installation that neglected the said update.In brief, if you fail to update, you successfully become a target and the longer you manage to wait the more vulnerable you get.

Not to mention, it is not easy to repair a hacked site. Typically, when hackers invade a site, they create new and hidden entry points that continue to keep your site vulnerable until you close them all. Otherwise, nothing can stop hackers to again find a way back in. This is nothing less than a horrible scenario for a business that containscrucial and confidential information of the clients including their credit card numbers.

Thus the findings of the Quantcast Top 10000 research are definitely alarming and the figures are an outright indication of danger.

Hackers Don’t Care Who You

There are many site owners who are often found asserting that they have not updated their WP site in years and are still working fine, without being hacked. Also, some say that their business is a small one and whywould any hacker bother to invade it in the first place?

Well, this is a huge misconception. People need to understand this universal problem. Hacking is just a game of numbers. Almost every site gets hacked randomly by hack-bots almost every other day. The bots simply go through the IP addresses lists and attack these sites using the list of exploitable and known vulnerabilities. In other words, it’s all about presenting the vulnerable site to the right bot but at the wrong time.

As soon as vulnerability is found in your site’s WordPress version, hackers don’t care what you do and who you are. They create an exploit in terms of that vulnerability and cast a wide net, mostly automatically, searching for the one not up to date. This further leads to stealing of account information. This information may also be used to attack your other associated systems.

To mention the worst, hackers might completely trash your website and use it as the storage to store important data. In terms of your business, nothing could create a worse public image than the news that your site did not meet the security standards and was compromised.

Keeping theWordPress SiteUpdated is No Brainer

It is fairly easy to update yourWordPress plugins, core and themes as soon as there is a new release. This can be done by using WordPress built-in update notification feature. The system is designed to highlight the available number of updates in a timelymanner and as soon as you log into the dashboard of WordPress.

This is a one-click process that can be completed by visiting Dashboard> Updates and by installing the available updates. For this, make sure you login to WordPressdashboard on daily basis to avoid missing out any update. However, if you stay busy in carrying out your business activities and checking updates is the last thing on your mind, what else could be more helpful then getting notified through an email?

This is absolutely possible!

All you need is to install and run the Updates Notifier plugin and you are done. The plugin will check for updated on hourly basis. You can also modify these settings or keep it to once or even twice daily. Thus, whenever there is an update, you will easily be notified through an email.

Last but not the least; you can always go with the feature of auto update installation. You can easily automate this process and enjoy automated updates for plugins, major releases,and themes. It is a more preferred option if you are using managed WordPress hosting. In that case, these hosting companies will update your site automatically to the latest version while keeping an eye out for everything that breaks.

Above all else, the one advice you can take from this discussion is that never fall into the trap of assuming that your site doesn’t need to remain on top of updates. It is nothing but false economy to avoid updates. If you have a practice of not making updates because you are afraid that the site might break, you must be cognizant of the huge risk of your site being compromised.

This means that you should be willing to accept the associated risk of getting hacked at any time. In other words, if your site contains confidential and personal information of the clients or website visitors such as email addresses, names, credit card information and others, you better be accepting of your legal liabilities!

Ifyou find this information useful and if you have the experience to share with us, feel free to use the comment section below!