People say it’s dangerous not to update your WordPress… I’ll explain exactly what happens if you don’t update your WordPress.

Why updating WordPress itself and plugins is important for security

If you run a WordPress site, you are often told that updates are important for security.
This is simply because updates released by the program’s creators often close vulnerabilities that attackers exploit.

The following is an explanation of how a site that is not updated can be hacked.

1 A vulnerability is discovered that could very easily allow an unauthorized file to be uploaded onto the server or a database to be rewritten.

About 10 to 20 such vulnerabilities are discovered each year, and the information is published to alert site operators. However, publication is a double-edged sword, as many hackers use this public information to study how to exploit the vulnerabilities.

Hackers sometimes discover major vulnerabilities themselves, before anyone else is aware of them. Such vulnerabilities are called 0-day vulnerabilities. However, sooner or later, vulnerabilities that are being used will be exposed by someone through server logs, etc., and shared as public information.

2 When a vulnerability is disclosed, the creator of the plugin, etc., patches the vulnerability to close it and releases an update

In most cases, the producer of the vulnerable plug-in is notified of the vulnerability and releases a new version of the plug-in with a patch that closes it.

3 Hackers create tools to attack vulnerabilities and attack a vast number of WordPress sites one after another!

Hackers obtain a huge list of WordPress sites from search engines and other sources, and develop a program that automatically attacks the vulnerabilities found in step 1 and notifies them when a hack succeeds. They then attack hundreds of thousands of sites one after another, repeatedly attempting unauthorized access and treating any success as a bonus. Whichever sites happen to fall are enough for them.

4 An attack on your site’s vulnerability succeeds by chance

If you do not update your site, the vulnerability remains open on it, and one day it will be hit by a hacker who is automatically attacking a vast number of sites one after another.
The hacker will be notified of the successful attack, and a more dangerous malicious program, a backdoor, will be installed on your server.

5 Hackers perform various hacking activities on the successfully attacked site

Hackers can perform a wide variety of activities on a site after a successful vulnerability attack, such as generating a large number of malicious pages, creating users with unauthorized administrator privileges, altering the theme to redirect visitors to another site, and using the site as a source of spam mail.

At this point, it often becomes apparent to the site operator that the site has been tampered with.

60% to 70% of hacked sites are hacked through plugin vulnerabilities.

It is said that 60-70% of hacked sites are hacked due to vulnerabilities in plug-ins (the next most common cause is the hijacking of administrator privileges due to weak passwords). For the reasons above, it is very important for security to keep plug-ins and other components up to date.

You can also check for vulnerabilities in your WordPress site using a vulnerability search system or a plugin that checks for vulnerabilities.
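As an added example (not code from this site, from WordPress, or from any scanner plugin), the Python below shows the core of such a check: it reads the `Version:` header from each plugin's main file and compares it with the first fixed version listed in an advisory feed. The plugin slugs, versions and the advisory format are constructed for illustration.

```python
import re

# Constructed sample data: plugin slugs, versions and advisory entries are
# hypothetical and exist only for this example.
INSTALLED = {
    "example-gallery": "<?php\n/*\n * Plugin Name: Example Gallery\n * Version: 2.3.1\n */\n",
    "example-forms": "<?php\n/**\n * Plugin Name: Example Forms\n * Version: 5.0\n */\n",
    "example-seo": "<?php\n/* Plugin Name: Example SEO */\n",  # no Version header
}
# slug -> first version containing the fix (assumed advisory-feed format)
ADVISORIES = {"example-gallery": "2.3.4", "example-forms": "4.9.2", "example-seo": "1.2"}

HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)


def plugin_version(php_source):
    """Read the Version header from the first 8 KiB of a plugin's main file."""
    m = HEADER_RE.search(php_source[:8192])
    return m.group(1) if m else None


def version_key(version):
    """Turn '2.3.1' into (2, 3, 1); non-numeric parts compare as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in re.split(r"[.\-+]", version)]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # so that '5.0' == '5'
    return tuple(parts)


def audit(installed, advisories):
    """Return {slug: status} for every installed plugin that has an advisory."""
    report = {}
    for slug, fixed_in in advisories.items():
        if slug not in installed:
            continue
        current = plugin_version(installed[slug])
        if current is None:
            report[slug] = "unknown version, check manually"
        elif version_key(current) < version_key(fixed_in):
            report[slug] = f"VULNERABLE: {current} < {fixed_in}, update now"
        else:
            report[slug] = f"ok: {current} >= {fixed_in}"
    return report


if __name__ == "__main__":
    for slug, status in audit(INSTALLED, ADVISORIES).items():
        print(f"{slug}: {status}")
```

A plugin whose version cannot be read is reported for manual review rather than treated as safe, since a missing header says nothing about whether the patch is present.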

We hope you find this information useful.
