Hacked Reuters site had outdated WordPress install
Reuters’ blog has been hacked again! After the first hack, they still didn’t update their WordPress install. While it is still unclear whether the hackers got in (again!) via the outdated version of WordPress, you would think Reuters’ people would patch and update right away.
Reuters’ blogging site (blogs.reuters.com) was hacked last Friday, and
Really, can there be a more classic case of why you should keep your WordPress install updated?
So while at this point we don’t really know for sure how the hackers got into Reuters’ site, this is still a good reminder of why you should keep your WordPress install updated, which also means keeping your themes and plugins updated.
WordPress (self-hosted version) is at 3.4.1 now, and Reuters was using 3.1.1??? Someone had seriously dropped the ball in basic website maintenance, and flushed it down the pipe to the bottom of the Pacific!
I cannot stress enough the importance of keeping your WordPress site up-to-date: the core framework, the plugins, the themes and all that! The main WordPress development team does a great job in releasing security updates and patches, and the WordPress install itself tells you in the admin dashboard when updates are available. There is absolutely no excuse for one's WordPress site not being at the latest version.
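One way to check this from the server side without logging in to the dashboard, as an added example that is not part of the original post: it reads the core version from `wp-includes/version.php` and the `Version:` header of each plugin and theme directory, then compares core against a baseline you pass in (3.4.1 here, the current release named above). The function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

CORE_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)  # version.php
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.M | re.I)  # file header line
MARKER = {"plugins": "Plugin Name:", "themes": "Theme Name:"}

def parse_version(text):
    """'3.4.1' -> (3, 4, 1); a suffix such as '-beta2' is ignored."""
    nums = re.match(r"\d+(?:\.\d+)*", text)
    if not nums:
        raise ValueError(f"not a version: {text!r}")
    parts = [int(p) for p in nums.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # so 3.4 == 3.4.0

def core_version(wp_root):
    text = (Path(wp_root) / "wp-includes" / "version.php").read_text(errors="replace")
    m = CORE_RE.search(text)
    if not m:
        raise ValueError("no $wp_version assignment found")
    return m.group(1)

def core_is_outdated(wp_root, baseline):
    return parse_version(core_version(wp_root)) < parse_version(baseline)

def component_versions(wp_root, kind):
    """kind: 'plugins' or 'themes'. Returns {directory: version, or None if no header}."""
    base, found = Path(wp_root) / "wp-content" / kind, {}
    for d in sorted(p for p in (base.iterdir() if base.is_dir() else []) if p.is_dir()):
        files = [d / "style.css"] if kind == "themes" else sorted(d.glob("*.php"))
        heads = (f.read_text(errors="replace")[:8192] for f in files if f.is_file())
        hits = (HEADER_RE.search(h) for h in heads if MARKER[kind] in h)
        found[d.name] = next((m.group(1) for m in hits if m), None)
    return found

def build_sample(root):  # constructed sample tree, not taken from any real site
    files = {"wp-includes/version.php": "<?php\n$wp_version = '3.1.1';\n",
             "wp-content/plugins/demo-plugin/demo.php": "<?php\n/*\nPlugin Name: Demo\nVersion: 1.2\n*/\n",
             "wp-content/themes/demo-theme/style.css": "/*\nTheme Name: Demo\nVersion: 0.9\n*/\n"}
    for rel, body in files.items():
        (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(core_version(tmp), core_is_outdated(tmp, "3.4.1"), component_versions(tmp, "plugins"))
```

Single-file plugins placed directly in `wp-content/plugins/` are not covered, and a `None` entry means the directory had no readable header and needs a manual look.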
If you don't log into your WordPress admin dashboard often enough to keep things up-to-date, maybe you should consider switching to WordPress.com, where all the software maintenance is handled by the WordPress team. Or hire someone like me to help you keep things in tidy order.
* Mark is one of the lead developers of the WordPress core and a member of the WordPress security team