No matter how hard we preach here on the blog, on our official YouTube Channel, and in our support department, we still find some users consistently run outdated versions of WordPress (and other content management systems).
Personally, I made this mistake a couple of times in my career, and had to learn my lesson the painful, hard way.
Why Some People Don’t Update WordPress (My Story)
In my case, I have always heavily customized all my websites that use WordPress; therefore, when an update came out, it was a tremendous pain in the butt to merge all of the changes.
Back in 2011, I put off one of these updates because of this and eventually found myself with a compromised website with hundreds of my blog posts infected with malicious code that showed all through my search engine results.
The cleanup was something I can only describe as a nightmare.
I had to take the website completely offline, rebuild the entire account, re-install WordPress, create the theme from scratch, and then merge in my database only after running many queries against it to try and remove all the affected rows.
Since then, I’ve become an advocate for keeping WordPress updated along with my plugins and themes. Merging my changes is a lot easier than going through that nightmare again!
Unfortunately some customers here at NameHero have similar stories as to why they don’t update WordPress. Others simply forget about installs or have domains they no longer use.
Regardless of the situation, any account running an outdated version of WordPress (or other PHP/MySQL script) remains vulnerable to an attack.
No matter how much I kick, scream, and yell, it’s an impossible task to get every single customer to keep their WordPress installs updated.
As mentioned above, some will simply install it on an account, and forget about it or have a site that’s no longer in use.
Now live across our network, Patchman automatically scans all our servers each night, and when it finds a security vulnerability, it automatically patches it.
It’s important to note that patching a vulnerability is not the same as updating.
For example, if you’re running an old version of WordPress, it’s likely to have several vulnerabilities. Once they’re detected, the Patchman agent can easily apply the known fix.
Patchman also searches for malware or other malicious files and will automatically quarantine them.
How To View Patchman On Your Account
As mentioned, all Web Hosting and Reseller Hosting customers have access to this powerful tool for free, and it can easily be accessed inside of cPanel -> Patchman:
Once clicked, you can see if any vulnerabilities have been patched inside of your account:
In the screenshot, you’ll see Patchman has discovered 58 vulnerabilities and has patched them.
I purposely ran an outdated version of WordPress just to put it to the test (version 4.7.13).
Thankfully this website was never successfully compromised, and this was most likely due to Patchman’s efficiency.
However, if you see this inside of your account, this is a darn good indicator that you need to update your website!
Patchman is not a substitute for regularly conducting updates as well as using strong usernames and passwords!
This will “buy you some time” in-between updates and will also help you in the event that you (or your customer) forgot about an old WordPress installation.
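To track down a forgotten install like the one described above, here is an added example (not NameHero's or Patchman's code) that walks a directory tree, reads `$wp_version` from each `wp-includes/version.php`, and lists installs older than a baseline you choose. The baseline of 6.0 and the sample directory tree are assumptions constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# WordPress core records its version as: $wp_version = '4.7.13';
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")


def parse_version(text):
    """Return the numeric version as a tuple, e.g. '4.7.13' -> (4, 7, 13)."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # Keep the leading numeric part only ('6.5-RC1' -> '6.5').
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))
    return tuple(int(n) for n in nums.group(0).split(".")) if nums else None


def find_installs(root):
    """Yield (install_dir, version_tuple) for every WordPress core under root."""
    for vf in sorted(Path(root).rglob("wp-includes/version.php")):
        try:
            version = parse_version(vf.read_text(errors="replace"))
        except OSError:
            continue  # unreadable file: skip rather than abort the whole scan
        if version:
            yield vf.parent.parent, version


def outdated(root, baseline):
    """Installs whose version is below baseline (a tuple the operator picks)."""
    return [(str(d), ".".join(map(str, v)))
            for d, v in find_installs(root) if v < baseline]


def demo():
    # Constructed sample tree: one current-ish install, one forgotten old one.
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in (("public_html", "6.4.3"), ("public_html/old-blog", "4.7.13")):
            inc = Path(tmp, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        # Baseline 6.0 is an assumption for the demo, not a vendor recommendation.
        return [(Path(d).name, v) for d, v in outdated(tmp, (6, 0))]


if __name__ == "__main__":
    for path, ver in demo():
        print(f"outdated WordPress {ver} in {path}")
```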
Patchman Malware Scanning
In addition to our Real Time Malware scanning, Patchman also does a nightly malware scan across your account.
If malicious files are detected, they’re automatically placed into quarantine.
You can also run an “on demand scan” that will immediately scan your account for malware and check whether any vulnerabilities exist.
To do this, you’d navigate to Patchman inside of cPanel (as displayed above) and then click the Perform Scan link at the top:
This is especially helpful if you’re moving files over from another web host and want to make sure you’re getting started on a clean slate.
Once clicked, the scan enters the queue, so please allow an hour or two for it to complete (depending on the number of files you have).
Patchman Email Alerts
Coming in the next couple of weeks, Patchman will send you email updates when a vulnerability is detected.
When you receive these emails, please don’t ignore them; this means it’s time to update and also double down on your security.
If it was me, once I received an alert, I’d log in to my WordPress, make sure all plugins/themes are updated, then apply the necessary WordPress update.
Additionally, I’d probably ensure I’m also running a good WordPress security plugin such as Wordfence and would also take this time to go ahead and refresh my password to a good strong one.
If you’re diligent about this, the chance of you ever having a WordPress security event will be extremely slim.
If you ignore these, then you could be in for a nightmare similar to mine. We unfortunately have cases of this each and every week which is frustrating, but unfortunately how it goes.
Patchman Video Tutorial
I filmed a tutorial on how to access Patchman in your account and show the features of it on my outdated WordPress installation:
We’re real excited to have Patchman live and to be working with their team. We hope you find much value in this feature and will work hard to keep your WordPress website safe and secure.
Feel free to ask any questions below!
Ryan Gray is the founder and CEO of NameHero, one of the fastest growing independent web hosts in the United States. Ryan has been working online since 1998 and has over two decades of experience in Internet Entrepreneurship.