If you own a WordPress website and you haven’t updated your WordPress version lately you might be getting a warning soon. And no, this is not the warning you get when you open the WordPress CMS, it is a warning from Google.
Last week the first people started noticing that Google had sent them a message within Google Webmaster Tools saying they should update their WordPress versions. I myself today got an e-mail from GWT saying one of my sites needs an update.
The e-mail or message in WMT tells you your site appears to be running an older version of WordPress and that you should update because otherwise your site may be vulnerable to hacking or malware.
When asked through Twitter about the messages Matt Cutts responded it was in fact a new policy from Google.
The fact that Google is ‘pushing’ the updates is remarkable but also makes sense. Not-upgraded WordPress sites are fairly easily hackable and therefore a possible danger for Webspam in the SERPS.
If you are thinking: “how does Google know I am not running the latest version?” the answer is simple: it is in your code, which anybody can see by using “view source”.
WordPress expert Joost de Valk is happy with the new policy:
“I think it’s awesome that Google is sending out these messages and urging people to upgrade. I deal with hacked blogs on a regular basis, often because I’ve been hired in a “hey, we’ve lost all our search traffic!!” panic. Upgrading WordPress and the plugins within is the best way of keeping secure, next to making sure you have decent backups of your database and files.”
It does look like this is part of something which Google decided to do two years ago, but maybe that never really got off the ground. Maybe that is what Matt means with “fresh run”.
___________________________________________________
___________________________________________________
___________________________________________________
___________________________________________________
___________________________________________________
___________________________________________________
___________________________________________________
And, of course, leaving the version of WP in your site meta will also give away to hackers that you are vulnerable.
Apart from ensuring you are up-to-date, it’s also recommended that you remove the meta that gives this information away.
For example… http://digwp.com/2009/07/remove-wordpress-version-number/
I use the plugin WordPress SEO from Yoast where u can Hide the WordPress Generator by checking the box in the indexation –> clean up section part. This also works great.
All of the WordPress exploit code I’ve seen doesn’t look at your version number. It just tests the exploit. And even if you hide the generator
metatag in your theme, people can still tell which version you’re running. You’re running 3.1.3, for instance.Mark knows whereof he speaks from here. Hiding your generator tag does nothing. Hackers don’t look for it or care, they probe for vulnerabilities more directly (usually using vulnerable plugins), or they just run a ton of known exploits against your site hoping one of them will work. They don’t care about the version number, at all.
Also, it’s easy to tell your version even hiding the generator tag. Heck, I wrote a piece of code that does just that. Mark then went and wrote a better one, I believe.
[...] here to read the rest: Google Now Warning WordPress Users They Need To Update – Google … Posted in WordPress on Blog | Tags: [...]
This is why people need to ensure they have a Service Level Agreement (SLA) with their web provider. As a business owner you should not need to worry about the point version of your CMS.
If you don’t know whether your agency is updating your CMS regularly, then send them an email today and make sure your assets and your customers are protected from malware attacks. Your brand will be irreparably damaged if a customer is infected with malware after a hacker has compromised your site.
[...] van den Beld received a new notification from Google Webmaster Tools that has never been seen [...]
[...] Google have begun notifying folks to update software running on their servers. The news comes from Bas van den Beld on the State of Search blog. [...]
A single question lingers on my mind: how do we opt out of this service?
Last time I checked, I haven’t elected Google the system administrator of the WWW.
Don’t use Google Webmaster Tools.
@Z – Google Webmaster Tools is a service you need to manually sign up for, your comment doesn’t make sense in this context.
@Brad – with the vast majority of hosts you are in charge of what you install on their hosting service, which is exactly as it should be.
@David & @Jacco – the only thing that hiding the WP version number does is makes it harder for people who notice to let you know that you need to update. Most hacking is bot driven that simply runs through the exploits to see if you are vulnerable. If you are going to do it though, you might as well actually hide your versions. Neither of you did so:
http://www.artiss.co.uk/readme.html
http://www.boekjereis.net/readme.html
@Bas “also makes sence” – should be “sense”
Now that’s just mean! But a good point – I’ll remove it.
David.
Thanks for that info. But although i removed the readme.html, it still shows up for some reason…
I did manage to block it though with the following added in my htaccess file.
order allow,deny
deny from all
Well, ok, but my point wasn’t that you guys needed to do *more* to hide your version. As I said earlier, it’s rather a pointless thing to do really. It’s a concept called “security through obscurity”, and it is very weak to say the least, especially with WordPress. Besides, you can still see the versions. View the source in your html, and look at the query strings at the end of your ajax.googleapis.com calls.
Michael,
You are, of course, right. As soon as I posted my original reply I realised the error of what I was saying – if you’re going to the job of hiding your version (as I was attempting) you’re probably keeping it up to date anyway. What mad person would keep it out-of-date but go to the effort of improving security by hiding the version number?
David.
[...] deciso di rompere il muro di silenzio che lo separa dal mondo dei vivi. Uno degli autori di State of Search, infatti, ha ricevuto una notifica molto interessante: un invito ad aggiornare la sua piattaforma [...]
I wonder if webmasters who don’t (know how to) upgrade their WordPress site have a Google webmaster account.
Well, at least one person has one and doesn’t know how to
[...] van den Beld received a new notification from Google Webmaster Tools that has never [...]
[...] utilisateurs de WordPress et de Google Webmaster Tools ont eu la surprise de recevoir un e-mail d’alerte de la part de Google les invitant à mettre à jour leur installation de WordPress. Voici comment cela a été rendu [...]
[...] internet dan web suatu tempat yang selamat, kini Google melangkah setapak kehadapan dengan menghantar emel notifikasi kepada para pemilik web berasaskan WordPress yang mana tidak mengemaskini [...]
[...] the popular content management and blogging software WordPress. Apparently as early as last week, State of Search reports, users whose WordPress was out of date were receiving notices from the Google Webmaster [...]
[...] the popular content management and blogging software WordPress. Apparently as early as last week, State of Search reports, users whose WordPress was out of date were receiving notices from the Google Webmaster [...]
[...] the popular content management and blogging software WordPress. Apparently as early as last week, State of Search reports, users whose WordPress was out of date were receiving notices from the Google Webmaster [...]
[...] no solo te va a avisar WordPress que actualices cuando accedas a tu escritorio, resulta que ahora también Google puede avisarte de que actualices WordPress cuando estés usando una versión antigua, para que evites problemas de seguridad [...]
[...] no solo te va a avisar WordPress que actualices cuando accedas a tu escritorio, resulta que ahora también Google puede avisarte de que actualices WordPress cuando estés usando una versión antigua, para que evites problemas de seguridad [...]
[...] דרך כלי מנהל האתרים של גוגל (Google Webmaster Tools). הכלי החדש יתריע בפני בעלי אתרים כשהאתר שלהם עושה שימוש בגרסה ישנה של [...]
[...] דרך כלי מנהל האתרים של גוגל (Google Webmaster Tools). הכלי החדש יודיע לבעלי אתרים כשהאתר שלהם עושה שימוש בגרסה ישנה של [...]
[...] State of Search reports that Google is warning wordpress users to update their version to avoid hacking and malware. [...]
[...] Google Now Warning WordPress Users They Need To Update [...]
[...] and blogging software WordPress. Apparently as early as last week, State of Search reports, users whose WordPress was out of date were [...]
[...] у ролі Робін Гуда і розсилати подібні повідомлення. Як повідомляє StateofSearch.com такі листи вже почали отримувати перші [...]
[...] Google Now Warning WordPress Users They Need To Update State of Search: The e-mail or message in WMT tells you your site appears to be running an older version of WordPress and that you should update because otherwise your site may be vulnerable to hacking or malware. [...]
[...] owners of websites who are still using an older version of WordPress, as per the reports given by State of Search many users and owners of WordPress sites who still are functioning their sites on previous [...]
[...] This is an interesting proactive approach by Google for WordPress users - Google Now Warning WordPress Users They Need To Update – http://www.stateofsearch.com/google-now-warning-wordpress-users-they-need-to-update/ [...]
[...] no solo te va a avisar WordPress que actualices cuando accedas a tu escritorio, resulta que ahora también Google puede avisarte de que actualices WordPress cuando estés usando una versión antigua, para que evites problemas de seguridad [...]
[...] hacked. It’s such an important factor that Google has begun notifying people through their web master tools account to get with the program and update their [...]
[...] http://www.stateofsearch.com/google-now-warning-wordpress-users-they-need-to-update/ Like this:LikeBe the first to like this post. Tags: word press Comments RSS feed [...]
[...] there is always a “but”), it is vital to keep the version you are using up to date. Google is warning owners of sites with older versions that their site is vulnerable to hacking or malware that can hurt your users, [...]
Never read about this before. Good thing that Google keeps WMT-users up to date!
it means we have to always update our blog other ways google stop its accounts with our blogs>>?/