WordPress released version 2.8.4 last weekend, which has been classed as an essential security update after a worm was discovered to be exploiting a ‘permalink URL’ bug. The worm registers itself as a user within a WordPress website and then by exploiting the bug, elevates its privileges to that of a full Administrator.
It then deploys some JavaScript code that stops it from being displayed within the registered users list and rifles through your older blog posts posting comments with spam and links to malware. Although the worm doesn’t damage the look or feel of your blog, it can seriously damage the integrity of your website – visitors don’t like to see spam comments on websites and it most definitely will see your site removed from Google, or have its ranking therein significantly lowered.
For businesses utilizing this powerful open source CMS (Content Management System) these outcomes could be disastrous and may result in a major loss of revenue or customers, and almost certainly cause a drop in traffic to their website. Having your site removed from Google, especially for an internet business, could be compared to a death sentence for the business involved. While the case can be argued with Google themselves these processes do take time, and in the Google search world, any amount of time out of the game results in a large drop down the rankings.
This latest update has sparked yet more debate about the advantages and disadvantages of using WordPress and other open source software within a commercial environment. The advantages are clear – the speed at which you are able to get your website online is much quicker and cheaper than having a custom CMS developed. It also comes with it a plethora of plug-ins to enhance your sites usability, SEO rankings, and features you can offer your visitors. However, it can also be argued that because this is not commercial software there isn’t the expertise in place to offer full support to end-users; so if something like this security update were to happen, businesses would need to wait for the next release – which could take weeks rather than hours or days were there commercially driven professional developers behind it.
This debate will always exist and keep reigniting itself when ever bugs like this one become wide spread knowledge, and with social networking sites such as Twitter and Facebook increasing the spread of news and the speed at which we get it, more and more people will join in.
Just like the security of your homes, the protection of your website is a vital step within the planning of any site – especially if it is business critical. We reported in June that Hundreds of UK Government, School & University Websites had been hacked… even websites you would assume to be secure can often still be hacked, and the content is not always pleasant! Hackers are constantly using more and more complex methods to gain unlawful access to people’s websites, and they are often two steps ahead of the people trying to protect their sites.
