WordPress is a platform that is wildly popular for a host of differents reasons, including with lawyers wanting a fast, Google-friendly, robust system to build their law marketing with.
The platform powers over a quarter of the world’s websites, which is obviously a massive number and as an easy-to-use and generally secure system it is highly popular with good reason.
However there are now some increasingly well-publicised risks associated with the WordPress sites, which is used by over 100 million people worldwide, of which close to 90 per cent are supposedly exposed to a security flaw.
Many website platforms are exposed to hacks – witness the latest Sony hacking efforts – and it is tough to combat them all, but the WordPress problem follows the malicious code installed to retrieve information on 800,000 banking details from users.
The latest problem is code injected into comments that can be executed by the administrator and then undertake “administrative operations” by effectively taking over the administration account.
This can, understandably, cause mayhem and a lot of issues. For lawyers operating their websites it is the last thing they need.
The latest flaw does not affect WordPress sites running WordPress 4.0, but a great many firms are not yet using that and upgrading may be easy, but it creates issues with WordPress plugins often.
Users can also deactivate the “Comments” section and using another comments program like Disqus, which may involve technical issues but will remove the security problem.
As a lawyer marketing and developing your online presence however, you do not want to have your own site compromised, nor do you want to be spreading malware via your site.