If your company website is running on WordPress or Drupal, it’s time for an update.
Last week, both WordPress and Drupal confirmed the discovery of a major security flaw in their platforms. Currently, it is possible to take down a website or server almost instantly by exploiting a security hole. Hackers can use a well known Denial of Service (DoS) cyber-attack to do some serious damage.
Denial of Service attacks have been prominent for years, most famously used by groups like ‘Anonymous’ for taking down major websites such as The US Copyright Office, The RIAA, the MPAA and many more. They remain a popular method of attacking unprepared users, often with no substantial goal. For business owners, this means anyone without the proper security is vulnerable.
Are you vulnerable?
Nearly a quarter of all websites on the internet are built on the WordPress platform, and any installation of WordPress from December 2013 through last week is vulnerable to a potential attack. Additionally, the attack is easy to carry out, and requires only the upload of a very small file to begin. This means that virtually anyone running a Drupal or WordPress installation is highly vulnerable to a cyber attack.
What can you do about it?
Fortunately, WordPress and Drupal were notified of the security hole before the information went public, and immediately released an update that will patch the hole and prevent these types of attacks from occurring. Many users have already updated, as many WordPress installations will automatically update themselves with essential security updates such as this one. Even if your website hasn’t already been updated, updating WordPress and Drupal by hand is possible with little risk or impact to your website.