We talk a lot about keeping WordPress and the plugins you use updated. That's great and all, but it doesn't stop there: you have to keep your themes updated as well.
Recently we found that some very old versions of the Headway theme (versions 1.6.3 to 1.6.6) have a security vulnerability that was fixed over a year ago. However, there are still a large number of sites running these old versions, and we’re seeing cases where the sites are being compromised.
We feel this adds a lot of validity to what we've been saying for a long time: security is a process, and you have to keep your sites updated, secured, and monitored. If you forget about one little piece, like updating a plugin or theme, it can be used against you in a big way!
As with any software, the longer it sits unpatched, the larger the risk of it being exploited. It is imperative that you upgrade your software when a patch comes out. If you don't, you're putting your site, your business, and your users at a higher risk than needed. Ultimately, it's your responsibility.
If you’re running Headway 1.6.3-1.6.6 and have not updated, you need to get it up to date immediately. The issues that were found with the release were patched well over a year ago, and notifications were sent via administrative alert.
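To check an install against the range above, the following added example (not code from Headway or from this post) reads the `Theme Name` and `Version` headers that WordPress themes declare in `style.css` and flags versions 1.6.3 through 1.6.6. It assumes the theme identifies itself with "Headway" in its `Theme Name` header; the sample header is constructed.

```python
import re
from pathlib import Path

# Affected range stated in the post: Headway 1.6.3 through 1.6.6 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (1, 6, 3), (1, 6, 6)
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Theme Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)
SAMPLE = "/*\nTheme Name: Headway\nVersion: 1.6.4\n*/\n"  # constructed sample

def read_theme_header(style_css_text):
    """Return {'theme name': ..., 'version': ...} from a style.css header."""
    fields = {}
    # WordPress only reads the first 8 KB of the file when looking for headers.
    for key, value in HEADER_RE.findall(style_css_text[:8192]):
        fields.setdefault(key.lower(), value.strip())  # first occurrence wins
    return fields

def parse_version(text):
    """'1.6.4' or '1.6.4-beta' -> (1, 6, 4); None when no leading number."""
    m = re.match(r"\d+(\.\d+)*", text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '1.7' to (1, 7, 0)

def is_affected(name, version):
    # Assumption: the theme's header name contains "Headway".
    if "headway" not in (name or "").lower():
        return False
    v = parse_version(version)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX

def scan_themes(themes_dir):
    """List (directory, name, version, affected) for each installed theme."""
    results = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        h = read_theme_header(css.read_text(encoding="utf-8", errors="replace"))
        name, version = h.get("theme name"), h.get("version")
        results.append((css.parent.name, name, version, is_affected(name, version)))
    return results

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. python check.py /var/www/wp-content/themes
        for d, n, v, bad in scan_themes(sys.argv[1]):
            print(f"{d}: {n} {v} -> {'UPDATE NOW' if bad else 'ok'}")
    else:
        h = read_theme_header(SAMPLE)
        print(h, is_affected(h.get("theme name"), h.get("version")))
```

A theme with an unreadable or missing `Version` header is reported as not affected, so review any entry whose version prints as `None` by hand.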
Update (03/08/11): Check out the latest post on the Headway Themes blog recommending that everyone upgrade.
In the end, it's about mitigating risk. Make sure you're doing your part by keeping ALL of your software up to date!