WordPress Critical Vulnerability – Industry Comment

The attacks against WordPress’ File Manager underscore the critical need for companies to automate open source security. WordPress has been quick to fix the flaw, but hackers will continue to look for vulnerable versions to exploit. Operations teams are now in a race against time between adversarial attacks, and must urgently update their applications. If your automation is faster than evil, you’re safe. If you continue to rely on slower, manual update and deployment methods, you are at risk in this period of active exploits.

When it comes to fighting hackers, speed is paramount. Yet despite this, a huge 51% of organisations take more than a week to patch known flaws. This gives adversaries an advantage over half their targets; if half of the 350,000 sites impacted by File Manager vulnerability take this lax approach to security, some 175,000 sites could be at high risk of attacks.

The incident also shows the scale of havoc that can be wrecked with just one vulnerability. When a vulnerable plugin is used in thousands of places, thousands of companies are vulnerable to the same attack. Attacks against File Manager are already spreading at speed. Businesses must patch now to stop hackers in their tracks.

Given adversary response times to new vulnerabilities, enterprises also need to adopt new approaches to thwart attacks. This should include enabling automatic updates of code, and anyone who has this feature should strongly consider turning it on. Without it, enterprises race in scavenger hunts to figure out if they’ve used vulnerable versions and then update before attacks begin.