Survey Finds Most WordPress Blogs Vulnerable

BlogSecurity writes "Security analyst David Kierznowski shocked bloggers yesterday with a survey showing that 49 out of the 50 WordPress blogs he checked seem to be running exploitable versions of the widely used software. He said, 'The main concern here is the lack of security awareness amongst bloggers with a non-technical background, and even those with a technical background.' Mr Kierznowski also uncovered recent vulnerabilities in WordPress plugins that ship by default with the software, adding: 'WordPress users developing plugins must be aware of the security functions that WordPress supports, and ensure that these functions are used in their code.'"

irony?

[dotpavan]

where is this article hosted? [blogsecurity.net] yes, wordpress powered site!

How do you fix it?

[jshriverWVU]

As a wordpress user how do you fix it? I only blog to keep in touch with family and friend who live out of state. But it's been a fun project, though if it is easily exploitable I'd like to know how to fix it, and not just "you're site is EZly hax0red"

Wordpress

[wumpus188]

The problem with WP that it is a major pain in the ass to update, especially if you're running somewhat customized installation. Besides, most bloggers are not technical people and just use whatever version someone installed for them (or installed by their provider).