98% of WordPress Blogs Vulnerable


Did that headline get your attention? It should because it’s true. It may or may not actually be 98% but it is high! Do me a favor and if you use WordPress, go check what version you are running. You can find it at the bottom of your WordPress admin screen. Now that you’ve done that, answer these two questions:

  1. Is it WordPress 2.2?
  2. Is it WordPress 2.0.10?

If you answered no to both of these questions, you’re vulnerable. Go upgrade now, please. I’ll wait.

BlogSecurity surveyed 50 WordPress blogs and found that in 49 out of 50 cases, the WordPress blog is not one of the currently maintained branches of the software – WordPress 2.0.10, the latest in the 2.0 branch which will be maintained until 2010, or WordPress 2.2.

Feeling violated?

I didn’t believe the number so I did an informal survey myself. Guess what? Nine of the ten blogs I looked at also were not up to date.

The reality is that most people don’t want to take the time to keep their blog up to date or worse yet, they wait for their host to do it for them. At my last job, we had a saying: Cover your ass because no one else will cover it for you. If you are not able to handle this, hire someone (like me) to take care of it for you for a fee. The investment is worth it if you value your blog.

For the record, WordPress 2.1 and all it’s subsequent releases in that branch are security hazards. WordPress 1.5? Please don’t get me started.

BlogSecurity’s survey results, for whatever they are worth are as follows:

WordPress Ver Blogs
1.2 2
1.2-beta 2
1.2.1 3
1.2.2 4
1.5 7
1.5-gamma 1
1.5.1.1 1
1.5.1.2 1
1.5.2 1
2.0 4
2.0.1 3
2.0.2 1
2.0.3 1
2.0.4 6
2.0.5 3
2.0.6 2
2.1 2
2.1.2 2
2.1.3 3
2.2 1
Total 50

Crazy, eh? Who’s running WordPress 1.5-gamma?