Outdated, Unpatched, Abandoned: An Invitation To Come Inside

Dec 21st, 2017

Do you remember when your mother used to tell you to clean up your room?
I don’t want to sound like your mother or like a broken record, but: When was the last time you cleaned up your server?

Outdated and unpatched installations, plugins and theme files are to hackers what unlocked doors are to burglars: an invitation to come inside.

Just yesterday the guys over at Wordfence released an article on the latest attack on WordPress sites (Massive Cryptomining Campaign Targeting WordPress Sites). During their research they found that the attack could at least partially be attributed to an unmaintained WordPress installation on a client’s server.

And only 2 weeks ago we found a total of 6(!) outdated and abandoned WordPress installations on a new client’s server; the oldest one dating back to 2010.
(Needless to say, the client had no idea. No idea what we were talking about, that is.)

[Image: Abandoned WordPress Site from 2010]

OK, Great. Whose Responsibility Is It?

The website owner only wants his website to function properly, and in most cases doesn’t know (or care) what’s going on behind the scenes.
It’s what the developer, the webmaster or whoever else is responsible for the website’s continued functionality gets paid for.

Unfortunately your problems are just beginning:
– Most of the (website-)security-related tasks go way above most people’s heads.
– Most likely because most so-called web designers nowadays have never touched a single line of code. For them it’s all click, drag, done. Why bother?
– Most problems can be solved by installing yet another plugin (NOT).
– Most likely “it’s someone else’s problem” (the hosting company, the previous admin, the man in the moon, etc… *sigh*)

What clients need to understand is that a website needs to be maintained just like anything else:
– Think of it like taking your car to get an oil change.
– Having your air conditioning unit inspected (you do that, right?)
– Checking your smoke detectors and changing the batteries (you do that as well, don’t you?)
– Or even simpler – mowing your lawn or washing your windows.

The Key Is Education

– Education for clients (=website owners) that website maintenance is a necessary evil – like a dental check-up. You might not like it, but if you see a professional, it might save you a lot of pain (literally and figuratively) later.
– Education for all web developers, webmasters, and website managers out there. Either read up on it yourself (quickly!) or at least ask for help from a professional and don’t put your clients’ website (and maybe their and your livelihood) at risk.

One More Thing:

– If you don’t need it anymore, delete it.

About the author:

Nina Khoury is a computer scientist, software engineer, data and information junkie and online marketer. She taught at various universities for more than six years and worked on projects for Fortune 500 companies including Cisco, Intel and HP.