Security of Scripts vs Security of Software

WordPress is a great tool for creating websites.  Some people believe that they do not need to keep their scripts updated.

The most common reasons for this are:

  • Forgotten Scripts
  • Custom Coding
  • Waiting For Code to Mature

People can forget about old code that is on their server. Old code that is left in place keeps its vulnerabilities, and those vulnerabilities can be exploited. The solution is to go over your server regularly and remove old code.
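One way to carry out that review, as an added example that is not part of the original post: a shell script that finds every WordPress copy under a web root and flags those below a baseline version you supply. It assumes the standard `wp-includes/version.php` layout; the function names, the example path and the baseline value are illustrative.

```shell
#!/bin/sh
# Added example: inventory WordPress copies under a web root.
# Assumption: each copy records its version in wp-includes/version.php
# on a line such as:  $wp_version = '3.5.1';

# Print the version string found in one version.php (empty if none).
wp_version_of() {
    sed -n -E 's/^[[:space:]]*\$wp_version[[:space:]]*=[^0-9A-Za-z]*([0-9A-Za-z.-]+).*/\1/p' "$1" | head -n 1
}

# Succeed when dotted version $1 is lower than $2 (numeric, per component).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print "STATUS<TAB>VERSION<TAB>DIRECTORY" for every copy under ROOT.
# A copy is OUTDATED when its version is below BASELINE or unreadable.
scan_wordpress() {
    root=$1
    baseline=$2
    find "$root" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r file; do
        ver=$(wp_version_of "$file")
        dir=${file%/wp-includes/version.php}
        if [ -z "$ver" ]; then
            printf 'OUTDATED\tunknown\t%s\n' "$dir"
        elif version_lt "$ver" "$baseline"; then
            printf 'OUTDATED\t%s\t%s\n' "$ver" "$dir"
        else
            printf 'OK\t%s\t%s\n' "$ver" "$dir"
        fi
    done
}

# Usage: sh wp-inventory.sh /var/www 3.5.1   (both values are examples)
if [ "$#" -eq 2 ]; then
    scan_wordpress "$1" "$2"
fi
```

Any directory the script lists that you do not recognise is a candidate for removal; the comparison is numeric per component, so 3.10 is treated as newer than 3.9.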

Others have custom themes or plugins written for specific versions of WordPress. When WordPress is updated, the old plugin or theme may no longer function correctly. The proper solution may be to redo the custom code. People do not always have the ability to update. If you are in this situation, be aware that you have a security vulnerability.

The last situation I want to discuss is where people know that an update is available, but they do not update. Sometimes these people feel that their site is perfect. Sometimes the site owner puts the site into maintenance mode and stops updating it. Others skip updates.

I see the skipping of updates by some people as comparable to people skipping Windows versions. When a vulnerability in Windows is discovered, Microsoft will release an update for all versions of Windows that are now supported. When WordPress fixes code, it releases a new version of WordPress.

Written on March 27, 2013