WordPress security patches
Back to April 2013, the latest WordPress major release was 3.5. When I checked the WordPress statistics, there were only 28.4% websites using WordPress 3.5. That meaned 72.6% websites contained WordPress security holes without patched, not counting to errors in themes and plugins. That was also equal to 46 million WordPress-websites in danger. I asked myself at that time, WTH?!?!
Today, when checking the WordPress statistics again, that situation improves much. There are 43.1% WordPress-based websites running the latest major release (not sure about the latest minor releases though). However, there are still 48.3% websites using WordPress from 3.5 to 4.1. A quick counting on WordPress releases, there are more than 160 bugs fixed for those versions. Another WOW from me.
WordPress is widely used with its easy-to-use feature. It is also powerful. Many big websites are using WordPress as the cores. However, the admins have to remember to update the latest releases, for all WordPress security patches, plugins, and themes. Otherwise, you are opening backdoors for hackers to enter your online home on the Internet.
Also, you might know already, for running WordPress, you need a server. Your websites might be patched with the latest WordPress security patches. However, do you know that if all the software on your server is up-to-date? As you see from above graphs, many servers are still using outdated PHP versions. Any other security issue there?