WordPress team working on daring plan to forcibly update old websites

August 8, 2019

The developers behind the WordPress open-source content management system (CMS) are working on a plan to forcibly auto-update older versions of the CMS to more recent releases.

The goal of this plan is to improve the security of the WordPress ecosystem, and the internet as a whole, since WordPress installations account for more than 34% of all internet websites.

Officially supported versions include only the last six WordPress major releases, which currently are all the versions between v4.7 and v5.2.

The plan is to slowly auto-update old WordPress sites, starting with v3.7, to the current minimum supported version, which is the v4.7 release. This will be done in multiple stages, as follows:

  1. 2% of all WP 3.7 sites will be auto-updated to WP 3.8
  2. After a week, another 18% will be auto-updated to WP 3.8
  3. After two weeks, 80% of WP 3.7 sites will be auto-updated to WP 3.8.
  4. Repeat the same steps as above, but migrating sites from WP 3.8 to WP 3.9; WP3.9 to WP 4.0; and so on.

The WordPress team said it plans to monitor this tiered forced auto-update process for errors and site breakage. If there’s something massively wrong, then auto-update can be stopped altogether.

If only a few individual sites break, then those sites will be rolled back to their previous versions and the owners will be notified via email.

“The email should be a strongly-worded warning, letting them know that their site could not be upgraded to a secure version, and that they should manually update immediately. If they don’t update, it’s almost guaranteed that their site will be hacked eventually,” said Ian Dunn, a member of the WordPress dev team.

A first auto-update plan would have wreaked havoc on the internet

This looks like a sensible solution, but an earlier proposal had the WordPress team forcibly update all old WordPress sites to version 4.7 at once.

This idea was quickly scrapped after an avalanche of negative feedback from WordPress site owners who warned that millions of sites would have gone down with WSOD (white screen of death) errors caused by incompatibilities between themes, plugins and the newer WordPress core version.

The tiered forced auto-update is the result of the feedback, and one that takes possible site breakage into account.

Furthermore, the WordPress team plans to allow site owners to opt out of this forced update process. The WordPress team plans to send emails to website administrators and show a stern warning in websites’ dashboards before starting the auto-update process. These warnings will also include opt-out instructions, and will be shown/sent at least six weeks before a site is forcibly auto-updated.

“They’ll be warned about the security implications of opting-out,” Dunn said.

More than 3% of the internet runs outdated WordPress sites

The finer details of the auto-update process have not been finalized yet, but a source has told ZDNet that the WordPress security team hopes to auto-update all old sites within a year.

Versions prior to v3.7 will not be auto-updated because v3.7 is the version in which the auto-update mechanism was included in the CMS.

These older versions only support manual updates and can’t be auto-updated. Versions prior to v3.7 account for under 1% of all WordPress installations, though, so this won’t be a big issue.

WordPress sites running versions from v3.7 to v4.7 account for 11.7% of all WordPress sites, which is roughly in the tens of millions of sites range.

That’s about 3% of all internet sites, currently running extremely old WordPress versions. WordPress 3.7 was released on October 23, 2013, while the current minimum “safe” version, v4.7, was released in December 2016.
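For a site owner checking where an installation falls in these ranges, the following added example (not code from the article or from the WordPress project) reads the `$wp_version` assignment in `wp-includes/version.php`, classifies the branch using the cut-offs stated above, and lists the one-branch-at-a-time hops up to 4.7. The sample file content is constructed, the status labels are hypothetical names, and the branches between 4.0 and 4.7 are filled in from WordPress's public release history.

```python
import re

# Major-release branches in order. The article names 3.7-4.0 and 4.7-5.2; the
# branches in between are filled in from WordPress's public release history.
BRANCHES = ["3.7", "3.8", "3.9"] + [f"4.{n}" for n in range(10)] + ["5.0", "5.1", "5.2"]
FIRST_AUTO_UPDATE = (3, 7)   # first branch that ships the auto-updater
MIN_SUPPORTED = (4, 7)       # oldest officially supported branch
NEWEST = (5, 2)              # newest branch at the time of the article

# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '4.6.1';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"](\d+)\.(\d+)[^'"]*['"]\s*;""", re.M)

# Constructed sample of a version.php file (not taken from a real site).
SAMPLE_VERSION_PHP = """<?php
/** The WordPress version string */
$wp_version = '3.8.30';
$wp_db_version = 26691;
"""

def branch_from_version_php(text):
    """Return the major branch ('3.8') declared in version.php, or None."""
    m = VERSION_RE.search(text)
    return f"{m.group(1)}.{m.group(2)}" if m else None

def plan(branch):
    """Classify a branch and list the hops the staged plan would apply up to 4.7."""
    key = tuple(int(p) for p in branch.split("."))
    if key < FIRST_AUTO_UPDATE:
        return ("manual-only", [])           # no auto-updater: owner must update by hand
    if key > NEWEST:
        return ("newer-than-article", [])
    if branch not in BRANCHES:
        return ("unknown", [])               # e.g. a non-existent branch such as 3.10
    if key < MIN_SUPPORTED:
        start = BRANCHES.index(branch) + 1
        end = BRANCHES.index("4.7") + 1
        return ("forced-update", BRANCHES[start:end])
    return ("supported", [])

if __name__ == "__main__":
    b = branch_from_version_php(SAMPLE_VERSION_PHP)
    print(b, *plan(b))
```
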

It was foreshadowed last year

While the plan to go with a forced update has shocked some members of the webdev community, it has not surprised ZDNet.

We knew it was coming because the WordPress security team hinted about it last year. In a talk at the DerbyCon 2018 security conference, WordPress Security Team lead Aaron Campbell said his team was working on “wiping older versions from existence on the internet.”

This is what he meant.

The reason behind the WordPress dev team’s desire to forcibly update all older CMS versions to the new one is manpower.

For the past six years, WordPress developers have been backporting every single security patch for all versions going back to WordPress 3.7.

While this was doable in the beginning, as the WordPress CMS moved forward, it took up more and more time because WordPress devs had to convert newer PHP code into one that’s compatible with the older WordPress codebase.

“That sucks for us as a security team,” Campbell said about this process, last year at DerbyCon. “But it’s absolutely the best thing for our users. And because that’s where we set the measure of success, that’s what we do.”

By moving all users to WordPress 4.7 (and then 4.8, 4.9, etc.), developers are making their own lives easier while also keeping the internet as a whole more secure.

WordPress is currently the most targeted CMS, mainly due to its large adoption and huge attack surface. Reducing the attack surface is the easier way to combat malware botnets that take over WordPress sites and use them to host malware, SEO spam, or launch DDoS attacks.

Credit: Zdnet
