Keeping software running on a website up to date is an important part of keeping it secure, but, as we have been focusing on a lot lately, organizations that you would expect to be up to task of handling their security are failing to do that. Whether it is web security companies, a web security organization, or major government websites (the DHS did finally get their website up to date, though) they are all failing to taking this easy security step. We can now add to this recent list, web security journalism.
Here is the WordPress version powering Wired’s Threat Level blog, which covers “Privacy, Crime and Security Online”:
Since they are running 3.4.2 they failed to update WordPress for seven months and more importantly they failed to update when a security release was put out back in January. If an important source of security information isn’t aware they need to keep their website up to date, it isn’t a good sign that others will be getting that information either.