A survey reported that 49/50 WordPress blogs are running old and vulnerable versions of the software. I inquired about WordPress versions this past Saturday night at a blogger meetup I attended, mainly to share my experiences about blogging and meet other individuals who blog.
I can unofficially confirm the survey. Most bloggers I spoke with were running vulnerable versions. I asked why they did not upgrade. Their answers were generally that:
They had hacked [modified] some of the core components of WordPress and were fearful that upgrading would break their code. They also could not export their data and re-import it into the new version without significant effort.
So here’s a rule for businesses that I learned when I was developing applications that applies equally to the security space:
Don’t change the core code of an application. Don’t customize it to the point where every new version would need to be customized again, because an installation you are afraid to upgrade is one that never gets its security fixes. If you need to modify a COTS (commercial off-the-shelf) app, make a standalone application that interfaces with the core system through the application’s APIs.

2 Comments
Or if you have to modify it, at least document what you have done and clearly mark the modifications.
Hey Niels,
And pray that you can duplicate it in the newer version!
KB