In December, DHS published an extensive report on the hacks coming out of Russia that influenced the November Presidential election. Today, WordFence has done further analysis and discovered that some of the attack vectors came from unpatched WordPress sites.
The story focuses on one site (though there were more) running a plugin with a known vulnerability — which had been patched a year previously, but the site owner hadn’t run their updates.
And they still haven’t. The site remains vulnerable to SQL injection even now.
For heaven’s sake people, it’s basic maintenance. Every day log into your dashboard, look for the circular arrows in the top bar for available updates and run them.
It takes a minute.