Google Now Warning WordPress Users They Need To Update

If you own a WordPress website and you haven’t updated your WordPress version lately you might be getting a warning soon. And no, this is not the warning you get when you open the WordPress CMS, it is a warning from Google.

Last week the first people started noticing that Google had sent them a message within Google Webmaster Tools saying they should update their WordPress versions. I myself today got an e-mail from GWT saying one of my sites needs an update.

The e-mail or message in WMT tells you your site appears to be running an older version of WordPress and that you should update because otherwise your site may be vulnerable to hacking or malware.

When asked through Twitter about the messages Matt Cutts responded it was in fact a new policy from Google.

The fact that Google is ‘pushing’ the updates is remarkable but also makes sense. Not-upgraded WordPress sites are fairly easily hackable and therefore a possible danger for Webspam in the SERPS.

If you are thinking: “how does Google know I am not running the latest version?” the answer is simple: it is in your code, which anybody can see by using “view source”.

WordPress expert Joost de Valk is happy with the new policy:

“I think it’s awesome that Google is sending out these messages and urging people to upgrade. I deal with hacked blogs on a regular basis, often because I’ve been hired in a “hey, we’ve lost all our search traffic!!” panic. Upgrading WordPress and the plugins within is the best way of keeping secure, next to making sure you have decent backups of your database and files.”

It does look like this is part of something which Google decided to do two years ago, but maybe that never really got off the ground. Maybe that is what Matt means with “fresh run”.

Bas van den Beld

Bas van den Beld is a speaker, trainer, online marketing strategist and well-respected blogger. Bas is the owner of Stateofsearch.com and host of the radioshow. -- You can hire Bas to speak, train or consult. -- More articles and bio from Bas van den Beld

Visit Bas van den Beld's website

Posted in Google, News | Tags: Google, joost de valk, News, wordpress

http://www.artiss.co.uk David Artiss

And, of course, leaving the version of WP in your site meta will also give away to hackers that you are vulnerable.

Apart from ensuring you are up-to-date, it’s also recommended that you remove the meta that gives this information away.

For example… http://digwp.com/2009/07/remove-wordpress-version-number/

http://www.boekjereis.net Jacco

I use the plugin WordPress SEO from Yoast where u can Hide the WordPress Generator by checking the box in the indexation –> clean up section part. This also works great.
http://wordpress.org/ Mark Jaquith

All of the WordPress exploit code I’ve seen doesn’t look at your version number. It just tests the exploit. And even if you hide the generator meta tag in your theme, people can still tell which version you’re running. You’re running 3.1.3, for instance.
http://ottodestruct.com Otto

Mark knows whereof he speaks from here. Hiding your generator tag does nothing. Hackers don’t look for it or care, they probe for vulnerabilities more directly (usually using vulnerable plugins), or they just run a ton of known exploits against your site hoping one of them will work. They don’t care about the version number, at all.

Also, it’s easy to tell your version even hiding the generator tag. Heck, I wrote a piece of code that does just that. Mark then went and wrote a better one, I believe.

Pingback: Google Now Warning WordPress Users They Need To Update – Google … | WordPressPlanet.com
http://www.bradfry.com Brad Fry

This is why people need to ensure they have a Service Level Agreement (SLA) with their web provider. As a business owner you should not need to worry about the point version of your CMS.

If you don’t know whether your agency is updating your CMS regularly, then send them an email today and make sure your assets and your customers are protected from malware attacks. Your brand will be irreparably damaged if a customer is infected with malware after a hacker has compromised your site.
Pingback: Google Notifying Webmasters To Update WordPress Blogs
Pingback: Google is telling webmasters to update their software « Mining the WWW for bacon bits.
http://zminer.com/ Z

A single question lingers on my mind: how do we opt out of this service?

Last time I checked, I haven’t elected Google the system administrator of the WWW.

http://www.artiss.co.uk David Artiss

Don’t use Google Webmaster Tools.

http://smackdown.blogsblogsblogs.com/ Michael VanDeMar

@Z – Google Webmaster Tools is a service you need to manually sign up for, your comment doesn’t make sense in this context.

@Brad – with the vast majority of hosts you are in charge of what you install on their hosting service, which is exactly as it should be.

@David & @Jacco – the only thing that hiding the WP version number does is makes it harder for people who notice to let you know that you need to update. Most hacking is bot driven that simply runs through the exploits to see if you are vulnerable. If you are going to do it though, you might as well actually hide your versions. Neither of you did so:

http://www.artiss.co.uk/readme.html
http://www.boekjereis.net/readme.html

@Bas “also makes sence” – should be “sense”

http://www.artiss.co.uk David Artiss

Now that’s just mean! But a good point – I’ll remove it.

David.
http://www.boekjereis.net Jacco

Thanks for that info. But although i removed the readme.html, it still shows up for some reason…
http://www.boekjereis.net Jacco

I did manage to block it though with the following added in my htaccess file.

order allow,deny
deny from all

http://smackdown.blogsblogsblogs.com Michael VanDeMar

Well, ok, but my point wasn’t that you guys needed to do *more* to hide your version. As I said earlier, it’s rather a pointless thing to do really. It’s a concept called “security through obscurity”, and it is very weak to say the least, especially with WordPress. Besides, you can still see the versions. View the source in your html, and look at the query strings at the end of your ajax.googleapis.com calls.

http://www.artiss.co.uk David Artiss

Michael,

You are, of course, right. As soon as I posted my original reply I realised the error of what I was saying – if you’re going to the job of hiding your version (as I was attempting) you’re probably keeping it up to date anyway. What mad person would keep it out-of-date but go to the effort of improving security by hiding the version number?

David.

Pingback: Google ti suggerisce quando è il momento di aggiornare Wordpress
http://Www.Independer.nl Hadebe

I wonder if webmasters who don’t (know how to) upgrade their WordPress site have a Google webmaster account.

http://www.artiss.co.uk David Artiss

Well, at least one person has one and doesn’t know how to

Pingback: Google Notifying Webmasters To Update WordPress Blogs | Wordpress Theme Plugin Tutorial Tips Download
Pingback: L’Hebdo WordPress : WordPress 3.2 – Webschool Bourges – Alerte sécurité | Choisir-son-CMS.tk
Pingback: Google Kini Menghantar Emel Meminta Mengemaskini Pemasangan WordPress | Amanz
Pingback: Google Warns WordPress Site Owners To Update | APNA JAHANIAN | City Portal
Pingback: Google Warns WordPress Site Owners To Update | widgets.za.net
Pingback: Google Warns WordPress Site Owners To Update « seo-onlinemagazine
Pingback: Google te avisa que actualices WordPress | Ayuda WordPress
Pingback: Google te avisa que actualices WordPress « Rincoon.net
Pingback: עוד שכבת אבטחה לוורדפרס בגוגל וובמסטר | wp-tricks.co.il
Pingback: עוד שכבת אבטחה לוורדפרס בגוגל וובמסטר | wp-tricks.co.il
Pingback: SEO content marketing roundup, week ending June 22nd | SEO Copywriting
Pingback: Caching Plugins – WordPress Plugins from A to Z Episode 36
Pingback: Google Warns WordPress Site Owners To Update | Wordpress Theme Plugin Tutorial Tips Download
Pingback: Гугл каже: “Рекомендуємо оновити WordPress!” | Домашня Псих'а
Pingback: » Pandia Search Engine Marketing News Wrap-up June 25
Pingback: Now Google is warning wordpress site owners | Infowinder
Pingback: What I’ve Been Reading – July 1, 2011
Pingback: Google te avisa que actualices WordPress | Guía wordpress
Pingback: Google Says: Update Your Wordpress Installation!
Pingback: Google Now Warning WordPress Users They Need To Update – Google, News – State of Search « Awesome @ Carol Yam via wordpress
Pingback: Malicious attacks on Wordpress sites – Digital Marketing Blog
http://www.directgoedkoopgeldlenen.nl Direct geld lenen

Never read about this before. Good thing that Google keeps WMT-users up to date!
http://www.apnajahanian.com APNA JAHANIAN

it means we have to always update our blog other ways google stop its accounts with our blogs>>?/
http://www.goedkoopstezorgverzekering.nl Goedkoopste zorgverzekering

This is new for us. Thanks.
Pingback: Simple Steps to Safeguard your WordPress Website | Wordpress news and updates
Pingback: Simple Steps to Safeguard your WordPress Website : Web & Search Engine Optimizers : RippleSmith Web Optimization Services
Pingback: Google Notifying Webmasters To Update WordPress Blogs | Wordpress Web Designing

State of Search

Google Now Warning WordPress Users They Need To Update

Nominated For Best European Blog

Join Your Friends in Our Network

Sponsors

Choose your category

Comments

Most Shared Posts Last Month

Most commented on Last Month

Sponsors

Subscribe to our Newsletter

Recent Events

Latest News

Google Now Warning WordPress Users They Need To Update

Linkdex and Yoast team up in newest update of WordPress SEO Plugin

Google Confirms Panda Update 3.2: A “Data Refresh”

Panda Update: The Movie?

WordPress: A Global Phenomenon

Nominated For Best European Blog

Join Your Friends in Our Network

Sponsors

Choose your category

Comments

Most Shared Posts Last Month

Most commented on Last Month

Sponsors

Subscribe to our Newsletter

Recent Events

Latest News