Software Maintenance & Website Security

hacker

Key Points

Software vulnerabilities are an inevitable byproduct of having a content management website
To ensure security, website software should be checked and updated on a regular basis
If software is not updated, your site will eventually be hacked
Google flags websites as “unsafe” if they are hacked or contain malware
Automatic software updates are conceptually a good idea but there are many considerations before deciding to use them

Your content management (CMS) website, be it WordPress or Joomla, needs periodic maintenance to ensure adequate security.

When you choose to use a content management website, you must make a commitment to periodically maintain it. If software updates are not applied, it’s not a question of IF a website will be hacked, it’s a question of WHEN. If your site gets hacked or infected with malware, Google will flag your site as “unsafe” and warn people not to visit it.

On a content management site, there are many software components such as the core platform, various plugins, a theme, etc. At any given time, this mix of software often contains security vulnerabilities. This is an unfortunate and inevitable byproduct of open source content management systems.

“…the leading cause of infection could be traced to the exploitation of software vulnerabilities in the platform’s extensible components… the integration of plugins, extensions, components, modules, templates, themes…”
from Sucuri’s blog post Website Hacked Trend Report 2016 – Q1

That said, these vulnerabilities usually get fixed relatively quickly thus minimizing the threat to your website. But here’s the problem: website owners must take action to get these fixes applied to their websites. And they very likely don’t know they have software that needs updating. They don’t know their sites are at risk of being hacked. If vulnerable software is not updated, hackers will eventually find a way to gain access to the site. The best defense is to simply keep your site software updated.

As a rule of thumb, have your website software checked and updated at least monthly. It’s critically important to your website’s security to have software updates applied on a regular basis.

But What About Automatic Updates?

WordPress 4.2.4 – security release

wp-logo-stackedSecurity Release
This release addresses six important security issues, so you should ensure your site gets updated ASAP.  Here’s the official blog post from WordPress.org with details of what is contained in the release.

If you have automatic background updates enabled, that’s the default setting for minor and security releases, then you should receive an email from your site when it has been updated.  The email is sent to whomever is designated to receive admin emails in your General Settings. I received several of these notifications yesterday covering the sites I manage.

So to ensure your site’s security, please check that your site is updated. Also, keep your eye out for the next major release, WordPress 4.3, slated for release on August 18.

Hackers vs. Your Website <br><small><span style="color:#a0a0a0;">Be Afraid, Be Very Afraid</span></small>

Lock Your WebsiteI’ve already written about the importance of updating your website software because hackers take advantage of sites running older, out of date software often containing well known bugs and vulnerabilities.

If you’re a website owner running WordPress, Joomla or other popular CMS, this is a serious issue that shouldn’t be ignored. We’re not just talking about Joe Schmo, amateur hacker here. We’re talking about large-scale, sophisticated attacks using sophisticated software on sophisticated networks. Did I mention they’re a sophisticated lot? And don’t be fooled into thinking hackers wouldn’t be interested in your small or obscure site. Hackers will attack any website regardless of size or purpose.

Joomla Security Releases Available – 2.5.25 & 3.3.4

Joomla Security ReleasesThe Joomla Project has made available two security releases (i.e. they address security issues in the Joomla core software).  If you have a Joomla website, then you should keep the Joomla core software up to date – particularly if it addresses security issues.  This helps protect your website against security issues like malware, viruses and hackers.

WordPress 3.8.2 – security release

wp-logo-stackedSecurity Release
This release addresses some important security issues, so you should update your site ASAP.  Here’s the official blog post from WordPress.org with details of what is contained in the release.

This is the first security release to come out since automatic background updates were implemented so you may already be on this release – assuming you have not explicitly turned off automatic updates.  If you have not turned off automatic updates, then you should receive an email from your site when it has been updated.  The email is sent to whomever is designated to receive admin emails.

Joomla Security Releases Available – 2.5.19 & 3.2.3

Joomla Security ReleasesThe Joomla Project has made available two security releases (i.e. they address security issues in the Joomla core software).  If you have a Joomla website, then you should keep the Joomla core software up to date – particularly if it addresses security issues.  This helps protect your website against security issues like malware, viruses and hackers.

Importance of keeping your website software up to date

Hacked!Ok, so you have a Joomla or WordPress website, and you can now make minor, or maybe even major, content updates yourself… Great! Don’t have to worry about website maintenance anymore, right?… But wait, have you thought about the “health” of your website? How long has it been since the content management system (CMS) software was last updated? Did you even realize that it should be updated?

Joomla 2.5.16 – Security release

Joomla.orgThe Joomla Project has made available a security release (i.e. it addresses security issues in the Joomla core software).  If you have a Joomla website, then you should keep the Joomla core software up to date – particularly if a release addresses security.  This helps protect your website against security issues like malware, viruses and hackers.

See this link for details on the release and how to apply the update: http://www.joomla.org/announcements/release-news/5518-joomla-2-5-16-released.html