Some bloggers take the ostrich approach to security: head in the sand, somebody else does that, I'm not going to worry about it.
Then one morning you wake up to find your web site has been hacked and all your pages are gone or replaced with graffiti. It's an ugly situation.
When a security hole is discovered in a popular module or application, it potentially puts a lot of people at immediate risk. You may not even know if your site uses a particular module: for example, this very recent XML-RPC worm affects Unix and Linux systems using XML-RPC for PHP. You might know if you have a Linux or Windows OS, but do you know if your site software uses XML-RPC for PHP? It might, but even if it does, you aren't necessarily at risk: many of these security problems depend on configuration conditions that may not apply to you.
Keeping up with all of that is difficult. If you have a small website that isn't a large part of your income stream, you probably aren't going to make much effort to follow the ins and outs of security threats that may affect you. As your site gets larger, and produces more income, the potential loss becomes more serious and important. When you reach that point, you really do need to be intimately aware of the software you use and how security advisories affect you specifically.
© 2011-03-09 Tony Lawrence