Hacked Reuters site had outdated WordPress install

Reuters's blogging site hacked

Update 8/17/2012:
Reuters’s blog has been hacked again! After the first hack, they still didn’t update their WordPress install. While it is still unclear if the hackers got in (again!) via the outdated version of WordPress, you would think Reuters’ people would patch and update right away.

Reuters’ blogging site (blogs.reuters.com) was hacked last Friday, and the site was running an outdated version of WordPress (see Mark Jaquith’s comment*)…

Really, can there be a more classic case of why you should keep your WordPress install updated?

So while at this point we don’t really know for sure how the hackers got into Reuters’ site, this is still a good reminder of why you should keep your WordPress install updated, which also means keeping your themes and plugins updated.

WordPress (self-hosted version) is at 3.4.1 now, and Reuters was using 3.1.1??? Someone had seriously dropped the ball in basic website maintenance, and flushed it down the pipe to the bottom of the Pacific!

I cannot stress enough the importance of keeping your WordPress site up-to-date: the core framework, the plugins, the themes and all that! The main WordPress development team does a great job in releasing security updates and patches, and the WordPress install itself tells you in the admin dashboard when there are updates available. There is absolutely no excuse for one's WordPress site not being at the latest version.

If you don't log into your WordPress admin dashboard often enough to keep things up-to-date, maybe you should consider switching to WordPress.com where all the software maintenance is handled by the WordPress team. Or hire someone like me to help you keep things in tidy order.
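For servers where nobody opens the dashboard, the same check can be made from the filesystem. The script below is an added example, not code from this post or from the WordPress project: it walks a web root, reads the core version that WordPress records in wp-includes/version.php as `$wp_version`, and lists installs older than a release you supply. The function names, the directory names and the sample tree are constructed for illustration; 3.1.1 and 3.4.1 are the versions mentioned above.

```python
import os
import re
import tempfile

# WordPress core records its release in wp-includes/version.php as: $wp_version = '3.1.1';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)


def parse_version(text):
    """Turn '3.4.1' (or '3.5-beta1') into a comparable tuple, padded to 3 parts."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def find_installs(root):
    """Yield (install_dir, version_string) for each WordPress core found under root."""
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            with open(os.path.join(dirpath, "version.php"), encoding="utf-8", errors="replace") as fh:
                match = VERSION_RE.search(fh.read())
            if match:
                yield os.path.dirname(dirpath), match.group(1)
            dirnames[:] = []  # nothing deeper in wp-includes to inspect


def audit(root, current_release):
    """Return sorted [(install_dir, version)] for installs older than current_release."""
    target = parse_version(current_release)
    return sorted((d, v) for d, v in find_installs(root) if parse_version(v) < target)


def build_sample_tree(root):
    """Constructed sample data: two fake installs, one at 3.1.1 and one at 3.4.1."""
    for name, version in (("blogs", "3.1.1"), ("news", "3.4.1")):
        inc = os.path.join(root, name, "wp-includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
            fh.write("<?php\n$wp_version = '%s';\n" % version)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, version in audit(tmp, "3.4.1"):
            print("OUTDATED %s: %s (current release 3.4.1)" % (path, version))
```

This covers core only; plugins and themes carry their own version headers and need a separate check.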

* Mark is one of the lead developers of the WordPress core and a member of the WordPress security team

See Also:

Reuters’s Twitter, WordPress accounts hacked by apparent pro-Syrian government attackers

Summary: The Reuters News blogging platform was hacked on Friday and a false interview with a Syrian rebel leader was posted. It turns out Reuters was using an outdated version of WordPress, suggestin…

  • It is currently unknown how the attackers gained access to their site. Reuters isn’t saying. While it is true that they were running an out-of-date version of WordPress, that doesn’t mean that’s how the attackers got in. Often, attackers get in some other way, and then once inside, begin looking for WordPress installs.

    • Thank you for the clarifications!