
Sucuri Blog

Website Security News


Keeping Your WordPress Themes Updated

August 2, 2011 | Dre Armeda


We talk a lot about keeping WordPress and the plugins you use updated. That’s great and all, but it doesn’t stop there: you have to keep your themes updated as well.

Recently we found that some very old versions of the Headway theme (versions 1.6.3 to 1.6.6) have a security vulnerability that was fixed over a year ago. However, there are still a large number of sites running these old versions, and we’re seeing cases where the sites are being compromised.

We feel this adds a lot of validity to what we’ve been saying for a long time – Security is a process, and you have to keep your sites updated, secured, and monitored. If you forget about one little piece, like updating your plugin or theme, it can be used against you in a big way!

As with any software, the longer it sits without updates, the larger the risk of it being exploited. It is imperative that you upgrade your software when a patch comes out. If not, you’re putting your site, business, and ultimately your users at a higher risk than needed. Ultimately it’s your responsibility.

If you’re running Headway 1.6.3-1.6.6 and have not updated, you need to get it up to date immediately. The issues that were found with the release were patched well over a year ago, and notifications were sent via administrative alert.
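To find installs still in the affected range, the check below reads the `Version` field from each theme's `style.css` header and flags Headway 1.6.3 through 1.6.6. It is an added example, not code from Sucuri or Headway; it assumes the theme declares itself as `Theme Name: Headway`, and the sample theme folders are constructed for the demo.

```python
import re
import sys
import tempfile
from pathlib import Path

# Affected range stated in the post: Headway 1.6.3 through 1.6.6, inclusive.
# Assumption: the theme's style.css header names it "Headway".
AFFECTED = {"headway": ((1, 6, 3), (1, 6, 6))}
# WordPress reads theme metadata from the comment header of style.css.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def read_theme_header(style_css):
    """Return the 'theme name' and 'version' fields found in a style.css header."""
    head = Path(style_css).read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value.strip())  # first occurrence wins
    return fields

def parse_version(text):
    """Turn '1.6.5' into (1, 6, 5), stopping at the first non-numeric part."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def find_affected_themes(themes_dir):
    """List (folder, version) for every installed theme inside an affected range."""
    findings = []
    for style in sorted(Path(themes_dir).glob("*/style.css")):
        hdr = read_theme_header(style)
        name = hdr.get("theme name", "").lower()
        ver = parse_version(hdr.get("version", ""))
        for theme, (low, high) in AFFECTED.items():
            if name.startswith(theme) and ver and low <= ver <= high:
                findings.append((style.parent.name, hdr["version"]))
    return findings

def build_sample_tree(root):
    """Constructed sample data: three theme folders with minimal style.css headers."""
    samples = {"headway-old": ("Headway", "1.6.5"), "headway": ("Headway", "2.0.12"),
               "twentyeleven": ("Twenty Eleven", "1.2")}
    for folder, (name, version) in samples.items():
        (Path(root) / folder).mkdir(parents=True)
        (Path(root) / folder / "style.css").write_text(
            f"/*\nTheme Name: {name}\nVersion: {version}\n*/\n")
    return Path(root)

if __name__ == "__main__":
    # Pass a wp-content/themes path, or run with no argument to use the sample tree.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    for folder, version in find_affected_themes(target):
        print(f"UPDATE NEEDED: {folder} (Headway {version})")
```

Inactive themes left in the themes directory are listed as well, since the scan looks at every folder rather than only the active theme.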

Update (03/08/11): Check out the latest post on the Headway Themes blog recommending that everyone upgrade.

In closing, it’s about mitigating risk. Make sure you’re doing your part by keeping ALL of your software up to date!


Categories: Vulnerability Disclosure, WordPress Security

About Dre Armeda

Dre Armeda was Sucuri’s founding CEO and Co-Founder who helped start up the company in 2010. Today, Dre is Sr. Director of Technical Program Management and serves as Head of Technical Program Management (TPM) for GoDaddy's Partners Business. As head of TPM, Dre leads the PMO and Program Delivery Teams, ultimately driving all the program management functions and supporting our partners. When Dre isn't executing strategic initiatives at GoDaddy, you can find him on the mat training in Jiu Jitsu as a Carlson Gracie brown belt. Connect with Dre on Twitter.

Comments

  1. Grant Griffiths

    August 3, 2011

    Thanks Dre for your great post. We certainly take security seriously at Headway Themes. And that is just one reason we have pushed out 13 updates since 1.6.3.

    Your statement that “security is a process” is spot on.  While we push out updates, our users need to heed the advice given and keep their teams and framework up to date.  Just like they need to update WordPress.

    We are pushing out Headway 2.0.12 today which also includes a security fix for Headway and an update for the bug you mentioned with TimThumb.  

    Thanks again for keeping all of us aware of the importance to be diligent in keeping things up to date.

  2. carsoholics

    May 9, 2012

    How can you make a theme that you created update from a server? I want the theme to be able to be updated when you go to the theme panel. We created a theme and have it running on 30+ sites; whenever I make a change, it has to be uploaded to all of the sites.

    Any idea on how to make this custom theme updatable?
