Why YOU should avoid the WordPress CMS

Hi All. Like UNA, WordPress is a CMS. Content Management System.

About once every week I receive a notice such as the one below. With all the incomparable and unsafe "plug-ins" and "extensions" the unsuspecting WP customer will likely be hacked before long. Then they will be squirting tears of regret... I have been there.

It is such a dangerous, time-wasting platform. Once hacked, all your other sites are also in peril, if they are add-on domains.

PLEASE beware if you have an instance of WordPress anywhere on your server! Because if it is hacked, it can adversely affect your UNA installation.

This morning, the Wordfence Threat Intelligence team was alerted to a zero-day vulnerability being actively exploited in File Manager, a WordPress plugin with over 700,000 active installations. 

Technical details and what you need to do now to protect your site are on the official Wordfence blog...

Chloe Chamberland - Wordfence Threat Analyst

Replies (3)
  • @banister thank you for posting this. I have a few WP sites. Probably time to switch.

    • If it was that vulnerable, I don’t think it’d still be around. You face this using any third-party addition with any software. Also, Wordfence sends you a “vulnerability” email even if it’s just a plug-in that needs updated. I’ve been using WordPress and Wordfence since 2011.

      • True, the problems are mostly with third party add-ons, older wp versions, and weak passwords. 

        The core wp platform is solid and it is being refined every day by a group of about 50 software engineers. WordPress is not going anywhere. I'm just concerned that many are not aware of the many potential problems. Problems which your Wordfence Security can address every minute of the day.

        I must also add that if one's WordPress site is very slow with regard to traffic, hackers will likely not bother with it. They are looking to trick as many unsuspecting people as possible, of course.

        There are many articles which address these issues. Somewhere the truth is out there.


        According to statistics from 40,000+ WordPress websites in the Alexa Top 1 Million, more than 70% of WordPress installations are vulnerable to hacker attacks.

        Ever wondered why WordPress is such a popular target for malicious hackers? Do you know why every year hundreds of thousands of WordPress installations are hacked, even though WordPress users have many WordPress security plugins that they can use? This article uses statistics to explain why.

        The statistics are from research conducted between the 12th and 15th of September 2013, just 1 day after the release of WordPress 3.6.1. This update addressed several critical exploitable vulnerabilities, such as a remote code execution. The research was headed by Sandro Gauci, CEO and Founder of EnableSecurity. Mr Gauci also built all the tools for this research.

        WordPress versions statistics | The shocking truth

        The below statistics are based on 42,106 WordPress websites found in Alexa’s top 1 million websites.

        • 74 different versions of WordPress identified.
        • 11 of these versions are invalid. For example, version 6.6.6.
        • 18 websites had invalid, non-existent versions of WordPress.
        • 769 websites (1.82%) are still running a subversion of WordPress 2.0.
        • Only 7,814 websites (18.55%) upgraded to WordPress 3.6.1.
        • 1,785 websites upgraded to version 3.6.1 between the 12th and the 15th of September.
        • 13,034 websites (30.95%) are still running a vulnerable version of WordPress 3.6.

        WordPress Installations Vulnerable to Hacker Attacks

        Data shows that at least 30,823 out of 42,106 identified WordPress websites have exploitable vulnerabilities.

        This means that 73.2% of the most popular WordPress installations are vulnerable. They are vulnerable to exploitable vulnerabilities that can be detected with free automated tools, within seconds. It is surprising how most of them haven’t been hacked yet.

        It only takes a couple of minutes for a malicious attacker to run an automated tool that can discover these vulnerabilities and exploit them. This highlights the importance of choosing the right WordPress web host that auto updates both plugins and WordPress.


