Unofficially why 49/50 WordPress blogs are vulnerable: App Security and Dev

There was a survey conducted that said that 49/50 WordPress blogs are running old and vulnerable versions of the software. I inquired about WordPress versions this past Saturday night at a blogger meetup I attended, mainly to share my experiences about blogging and meet other individuals who blog.

I can unofficially confirm the survey. Most bloggers I spoke with were running vulnerable versions. I asked why they did not upgrade. Their answers were generally that:

They hacked [modified] some of the core components of WordPress and were fearful that upgrading would break their code. They further could not export the data and re-import it into the new versions without significant effort.

So here’s a rule for businesses that I learned when I was developing applications that applies equally to the security space:

Don’t change the core code of an application. Don’t customize it to the point where every new version would need to be customized. If you need to modify a COTS app, make a standalone application that interfaces with the core system through the application’s APIs.
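As an added illustration (not code from this post or from WordPress itself), here is what that rule looks like for WordPress: the customization lives in its own plugin under wp-content/plugins/ and attaches to core through the plugin API (`add_filter` on `the_content`), so core files stay untouched and a security upgrade can be applied the day it ships. The plugin name, function name and note text are invented for the example.

```php
<?php
/*
Plugin Name: Example Footer Note
Description: Appends a note to each post without editing WordPress core files.
*/

// Hypothetical plugin written for this example. Because everything lives in
// wp-content/plugins/, upgrading WordPress core never overwrites or breaks it.

function example_append_note( $content ) {
    // Only touch single post views inside the main loop; leave feeds,
    // excerpts, pages and archive listings exactly as core renders them.
    if ( ! is_singular( 'post' ) || ! in_the_loop() ) {
        return $content;
    }

    // Note text is stored as a site option rather than hard-coded, so it can
    // be changed from the admin side without touching any code.
    $note = get_option( 'example_footer_note', 'Thanks for reading.' );

    // Escape before output: the option value is data, not markup.
    return $content . '<p class="example-note">' . esc_html( $note ) . '</p>';
}

// Hook into core instead of editing it. Priority 10 is the default and is
// stated explicitly here so the intent is clear when reviewing the plugin.
add_filter( 'the_content', 'example_append_note', 10 );
```

The same change made by editing wp-includes/ directly would be silently lost on the next core upgrade, which is exactly why the bloggers above were afraid to upgrade.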


  1. Niels Jun 11, 2007 at 10:23 am

    Or if you have to modify it, at least document what you have done and clearly mark the modifications.

  2. Kenneth F. Belva Jun 13, 2007 at 6:17 pm

    Hey Niels,

    And pray that you can duplicate it in the newer version!
