Google has taken a different tack to improve Web security: it’s going to the Web site owners directly.
The effort, announced by Google Oct. 16, is a way for Google to warn Webmasters that their sites are vulnerable to hackers. According to Google, the test will focus on 5,000 to 6,000 Webmasters using Google Webmaster Tools and will notify them if they are using an old version of WordPress.
Google Webmaster Tools is a set of free products designed to help Webmasters make their sites more Google-friendly. For example, the tools can provide metrics showing the top queries that are driving traffic to a site.
“WordPress generates meta tags on their site… and it basically just identifies the version of WordPress that the sites are running,” explained Jay Nancarrow, a spokesperson for Google. “When we crawl those sites we’re able to view those meta tags, and this is basically just an opportunity for us to give a heads-up to Webmasters … that they are running this version that has been identified as potentially having vulnerabilities.”
Google’s effort also serves as a reminder to Webmasters and others that it is important to keep software and applications up-to-date. This test is aimed specifically at users of Version 2.1.1 of WordPress, a version known to be vulnerable. In 2007, it was made public that a hacker had gained user-level access to one of WordPress.org’s Web servers and modified code for WordPress 2.1.1 to allow for remote PHP execution. The issue was addressed with the release of WordPress 2.1.2.
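A site owner can run the same check against pages they manage by reading the version that WordPress writes into its generator meta tag. The following is an added example, not code from Google or WordPress; the function names and the sample HTML are constructed, and the tag's `content` is assumed to have the form "WordPress 2.1.1".

```python
from html.parser import HTMLParser
import re

FLAGGED = (2, 1, 1)  # the release the article names as vulnerable


class GeneratorTagParser(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("name", "").strip().lower() == "generator":
            self.generators.append(a.get("content", ""))


def wordpress_version(html):
    """Return the advertised WordPress version as a tuple, or None."""
    parser = GeneratorTagParser()
    parser.feed(html)
    for content in parser.generators:
        m = re.search(r"WordPress\s+(\d+(?:\.\d+)*)", content, re.I)
        if m:
            return tuple(int(x) for x in m.group(1).split("."))
    return None


def check_page(html):
    """Classify one page of your own site."""
    version = wordpress_version(html)
    if version is None:
        # No tag (or a stripped one) says nothing about the patch level.
        return "unknown"
    return "flagged" if version == FLAGGED else "not-flagged"


# Constructed sample pages, not real crawl data.
SAMPLES = {
    "old.html": '<head><meta name="generator" content="WordPress 2.1.1" /></head>',
    "fixed.html": "<head><META content='WordPress 2.1.2' NAME='generator'></head>",
    "bare.html": "<head><title>No generator tag</title></head>",
}

if __name__ == "__main__":
    for name, html in SAMPLES.items():
        print(name, check_page(html))
```

An "unknown" result only means the tag is missing; the installed version still has to be confirmed on the server itself.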
Google has left open the possibility of expanding the testing program to other types of software on the Web. The messages about the current test are expected to go out Oct. 21.
“We will be leaving messages for owners of potentially vulnerable sites in the Google Message Center that we provide as a free service as part of Webmaster Tools,” said a post on Google’s Webmaster Central Blog. “If you manage a Web site but haven’t signed up for Webmaster Tools, don’t worry. The messages will be saved and if you sign up later on, you’ll still be able to access any messages that Google has left for your site.”