Skip to main content

Technorati ignoring vulnerable Wordpress blogs

By Bryan - Posted on 08 April 2008

A couple months ago, Technorati announced that users of Wordpress needed to upgrade to the latest available version (now at Version 2.5). This week, Technorati announced that blogs remaining vulnerable to identified security exploits may no longer be indexed by their service.

Because of this ongoing problem, we're discontinuing processing crawls of blogs that exhibit common symptoms of being compromised. We strongly recommend upgrading your WordPress installation. Even if you haven't been afflicted by a compromise, by the time you are aware that you have been a number of negative consequences may have already occurred (for instance, flagged spam by Technorati, Google or Yahoo!) -- this has been reported by many WordPress users.

By not upgrading your software, the search engine services may block your site from being listed. I can't think of a greater incentive to update your content management software to the latest version than the threat of being delisted. This is a bold move by Technorati. I'm personally glad Technorati is taking a stand against sites hosting older versions of Wordpress with the known security holes. In my opinion, there really isn't a good reason you shouldn't be upgrading your Wordpress site to the latest version.

Now that I've patted Technorati on the back for forcing Wordpress users to upgrade, I better quietly go verify that my own Wordpress site is running version 2.5. Innocent Do as I say and not as I do...

(Note: Edited at 8:05 PM based on below comments)

Comments

#1 Spam comments are a different issue

Ian Kallen's picture
Submitted by Ian Kallen (not verified) on April 8, 2008 - 6:57pm.

The pandemic of spam links that we're addressing isn't in blog comments, they're put on the blogs themselves through a security hole in these older versions of WordPress. I posted some more details on the matter here http://www.arachna.com/roller/page/spida...

thanks!

-Ian

Technorati

#2 Ian, Thanks for the

Bryan's picture
Submitted by Bryan on April 8, 2008 - 8:15pm.

Ian,

Thanks for the reply.  I made some changes to the original post so that that it doesn't blame "comment spam" for Technorati's latest actions.

Bryan 

#3 Bizarre

Lawrence Salberg's picture
Submitted by Lawrence Salberg (not verified) on April 10, 2008 - 2:43pm.

I'm all for encouraging folks to upgrade, but, uh, WP 2.5 just came out not even two weeks ago. And there's certainly no evidence that it won't bring with it its own little security surprises. In other words, I'm sure 2.6 will fix some security issues of 2.5 and so on.

I upgraded my blog like a good little boy, as always do after nearly every major release of WP. I run over a dozen WP sites, but the rest will get their upgrade after I've played around with WP 2.5 for a month or so, so I can anticipate problems, answer questions of clients.

What Technorati doesn't seem to understand, among other things, is that more and more people are starting to use W/P as a psuedo-enterprise application. As such, we wont' be roling out new versions as quickly as we did in the "olden days".

A more sensible approach would have been to require W/P 2.0 for now, then later, move to 2.1, then 2.3, etc. The sheer number of pre W/P 2.0 blogs is still amazing. To demand that the whole blogosphere run the absolute latest version of W/P, while making Mullenweg very happy, is a bit hyper puristic. And I thought the pushiness of Microsoft to foist Vista upon us was bad.

Now, if Technorati were really interested in cleaning up their index, they'd exclude all blogspot blogs still at the blogspot address, particlurly those with less than 20 posts, or those that have duplicate content. Quite frankly, there should probably be a six-month waiting period on all new Blogspot blogs.

#4 Finally upgraded to Wordpress 2.5

Bryan's picture
Submitted by Bryan on April 21, 2008 - 9:35pm.

I feel sort of bad about this, but I didn't get a Wordpress blog I manage upgraded to version 2.5 until today.  Waiting three weeks after a new version of Wordpress is released is very unlike me.  I sort of feel like I'm guilty of "do as i say and not as I do".  Bad CMS Report host, bad CMS Report host...

#5 Technor-spami

Anonymous's picture
Submitted by Anonymous (not verified) on June 4, 2008 - 4:15pm.

I'm not sure that I WANT to be added in technorati's search engine, considering 90% of their business is spammers and bots.

Bryan's picture

About this CMS Enthusiast

Bryan Ruby is the owner and editor for CMS Report. He founded CMSReport.com in 2006 on the belief that information technologists, website owners, and web developers desired visiting sites where they could learn about content management systems without the sales pitch. Outside of his late night blogging hours, he is the Information Technology Officer for a field office in the federal government.