If you follow the underground world of domain names, you’ve probably noticed that this past week, a lot of coverage has been focusing on hackers who managed to take over a few domains owned by the Internet Corporation for Assigned Names and Numbers (ICANN), which is the company that regulates the world’s domain names. What you may not have heard about, however, is that in what appears to be an unrelated incident, ICANN also had their WordPress blog hacked at about the same time.
In another unrelated incident, ICANN’s official blog was attacked using a recent exploit in the blogging software WordPress. This attack is believed to have been automated and not done with any motivation regarding ICANN itself. The effects were limited to the blog being taken offline for a short while while updates and repairs took place.
ICANN getting their blog hacked was a direct result of failing to upgrade their WordPress installation. Now obviously ICANN has a fairly high-profile blog, but this appeared to be a random attack and can truly happen to anyone.
I’ve actually written in the past a few times about the importance of always upgrading your WordPress installation, but what most of you probably don’t know is that I preach this out of personal experience. About a year and a half ago my original WordPress blog was hacked simply because I hadn’t upgraded my WordPress installation. WordPress had released a fix and I didn’t upgrade right away.
I was actually very fortunate that the person who gained access to my site seemed to have good intentions, as he simply warned me to upgrade my WordPress installation. Unfortunately, though, it is something I will never forget. Not only do you feel personally violated when this happens, but I was dumb and used similar passwords for many of my other accounts. Someone with bad intentions could have easily guessed the similar password I used for my email account, and then had access to all my accounts and other personal information.
Since that time, I have always upgraded my websites/blogs that use WordPress the day the upgrade is available, and I have always been outspoken to others about upgrading their WordPress installations. The WordPress team has really been doing a great job lately of testing their software, so we aren’t usually seeing more than 3-4 upgrades within each WordPress branch (2.3.x, 2.5.x, etc.). For those new to WordPress, I remember it often going up to 7 or sometimes more in the WordPress 1.5 and WordPress 2.0 days.
In case you weren’t aware, you have a number of options when upgrading your WordPress installation. Obviously there is the manual upgrade, which many people dread. Other upgrade options include upgrading via Fantastico, or upgrading using a WordPress plugin such as WordPress Automatic Upgrade.
Would you say that you usually upgrade your WordPress installation right away?