{"id":2535,"date":"2015-07-07T15:14:14","date_gmt":"2015-07-07T21:14:14","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=2535"},"modified":"2015-07-07T16:07:21","modified_gmt":"2015-07-07T22:07:21","slug":"security-company-with-wordpress-security-plugin-doesnt-keep-their-own-wordpress-installation-up-to-date","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2015\/07\/07\/security-company-with-wordpress-security-plugin-doesnt-keep-their-own-wordpress-installation-up-to-date\/","title":{"rendered":"Security Company with WordPress Security Plugin Doesn’t Keep Their Own WordPress Installation Up to Date"},"content":{"rendered":"

When it comes to trying to improve the\u00a0security of websites, one of the problems that we see is that while many people are still not taking basic security measures with their websites<\/a>\u00a0there are\u00a0plenty of companies\u00a0pushing additional security products and services. In some cases we have seen that the inflated claims of some of those products and services lead people to not take basic measures, since those products and services claim that they will prevent them from being hacked, and because they haven’t taken the basics security measures they end up getting hacked. While we do don’t have much evidence, we are concerned that other people don’t take basic security steps since keeping seems so daunting when they are told they need to being using all of these different products and services to keep their website secure.<\/p>\n

A question that underlies this is if these companies actually are all that concerned about security or if they just trying to make a quick buck peddling products and services whose security implications they have little understanding. One way quick check to get an idea of their concern for security is to see if they are\u00a0keeping the software running their own websites up to date. The results we have seen in the past haven’t been good, like\u00a0the time we found that all of the companies we looked that were advertising to clean up hacked Joomla websites were all running outdated software (mostly Joomla)<\/a>. This time around we happen to run across the website of a company name Centrora Security, you can see from the results of a Chrome extension<\/a> we make that they are not keeping the WordPress installation running their website up to date:<\/p>\n

\"The<\/a><\/p>\n

Not only have they not updated it for ever over a year and not updated it for the two most recent major versions, 4.1 and 4.2, but they have missed three security updates for 4.0.x series: 4.0.2<\/a>, 4.0.4<\/a>, and 4.0.5<\/a>.\u00a0Since WordPress 3.7, minor version updates like those security updates would normally be applied automatically, so either Centrora Security\u00a0unwisely disabled that feature or some bug is stopping that from happening in their case. If it is the later then Centrora Security could actually help to improve the security of WordPress websites by working the WordPress developers to resolve that, so that others impacted by the issue could also start getting updates.<\/p>\n

While they don’t take the basic step of keeping WordPress up to date, they produce a WordPress security plugin<\/a> that they claim is the “MOST POWERFUL WORDPRESS SECURITY PLUGIN”. Probably not all that surprisingly they are not running the latest version of their own plugin on the website (the readme.txt for the plugin\u00a0on the websites is from\u00a0version 4.8.4<\/a>), even though keeping WordPress plugin update to date is also an important security measures.<\/p>\n","protected":false},"excerpt":{"rendered":"

When it comes to trying to improve the\u00a0security of websites, one of the problems that we see is that while many people are still not taking basic security measures with their websites\u00a0there are\u00a0plenty of companies\u00a0pushing additional security products and services. In some cases we have seen that the inflated claims of some of those products … Continue reading “Security Company with WordPress Security Plugin Doesn’t Keep Their Own WordPress Installation Up to Date”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,35,32],"tags":[49],"class_list":["post-2535","post","type-post","status-publish","format-standard","hentry","category-bad-security","category-outdated-web-software","category-wordpress-plugins","tag-centrora-security"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=2535"}],"version-history":[{"count":4,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2535\/revisions"}],"predecessor-version":[{"id":2541,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2535\/revisions\/2541"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=2535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=2535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=2535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}