17

Forgot to update a plugin and paid the price Monday morning

I manage a small ecommerce site for a local shop in Austin. Last Monday I woke up to find the site was redirecting to some spam page about weight loss pills. Turns out I had ignored a WordPress plugin update for about 3 months. The hacker exploited a known vulnerability in the WooCommerce plugin, and it took me 6 hours to restore from a backup and patch everything. Has anyone else had a close call like this from putting off updates?
2 comments

palmer.zara
Did you test the new version before updating or just blindly trust it?
1
miam11
7d ago
Honestly idk why everyone acts like you HAVE to test every single update first. Most of the time the change log is just bug fixes and minor stuff nobody cares about. I updated my phone OS the second it dropped last week and everything was fine. Sure there's always a small risk but the people who preach about testing everything also probably waste hours checking forums before doing anything. Just click update and move on with your day.
4