Google has sent out alerts to some of its users warning that they are running outdated versions of Joomla and WordPress and advising them to upgrade.
It is not unusual for Google to send out security notices, but we wonder if this was, in some part, triggered by the REST API vulnerability that was introduced in WordPress 4.7 causing mass defacements of websites.
There has been some discussion around the web criticizing the fact that some of these notices went to WordPress sites that were already running the latest version of the software, and that the notices were outdated.
As one user, StevieD_Web, noticed on the Webmaster Central Help Forum, the notice lists examples of URLs that are showing outdated software. If you check the Google Index's cache for those URLs you will find that the cache is old, and thus may show an old generator tag in the source code, such as:
<meta name="generator" content="WordPress 4.7.1" />
Even if you believe your WordPress or other software is fully up to date, it does not hurt to double check, especially with the particularly nasty REST API vulnerability that affects WordPress versions 4.7.0 and 4.7.1 and is currently being exploited on a massive scale.
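One way to double check, shown as an added example that is not part of the original article or any Google tooling: read the generator tag from both the cached copy and the live page and compare them against the versions named in the notice. The function names and the two sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Versions named in the Google notice quoted on this page.
FLAGGED = {(4, 7, 0), (4, 7, 1)}


class GeneratorParser(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").strip().lower() == "generator":
            self.generators.append(a.get("content", "").strip())


def wordpress_version(html):
    """Return the advertised version as a 3-tuple ("4.7" means 4.7.0), or None."""
    parser = GeneratorParser()
    parser.feed(html)
    for content in parser.generators:
        m = re.fullmatch(r"WordPress (\d+)\.(\d+)(?:\.(\d+))?", content)
        if m:
            return tuple(int(g or 0) for g in m.groups())
    return None


def compare(cached_html, live_html):
    """Classify a notice by comparing the cached copy with the live page."""
    cached, live = wordpress_version(cached_html), wordpress_version(live_html)
    if live in FLAGGED:
        return "update needed"
    if live is None:
        return "unknown: no generator tag, check the dashboard"
    if cached in FLAGGED:
        return "stale cache: live page no longer advertises a flagged version"
    return "not flagged"


# Constructed sample pages, not taken from any real site.
CACHED = '<html><head><meta name="generator" content="WordPress 4.7.1" /></head></html>'
LIVE = '<html><head><META NAME="Generator" CONTENT="WordPress 4.7.2"></head></html>'

if __name__ == "__main__":
    print(compare(CACHED, LIVE))
```

A missing generator tag proves nothing either way, since many sites strip it, so the "unknown" result means the version has to be confirmed from the site's own admin dashboard.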
On the Webmaster Central Help Forum, other users are attempting to placate those who are complaining about the false positive (i.e. that their websites had already been upgraded), with one user suggesting Google is aware of a vulnerability which necessitated sending out the notices:
Why did Google not report a problem at the time? Why is Google only notifying us now? Presumably what's changed is that Google's just now become aware of some vulnerability. If so, the message should be clear about that.
Even so, this comment carries a complaint that perhaps Google could have been clearer about the current vulnerability that needs to be patched.
A copy of the WordPress notice is set out below:
Google has detected that your site is currently running WordPress 4.7.0 or 4.7.1, an older version of WordPress. Outdated or unpatched software can be vulnerable to hacking and malware exploits that harm potential visitors to your site. Therefore, we suggest you update the software on your site as soon as possible.
The notice then sets out some example URLs and recommends some actions:
- Update to the latest release of WordPress
- Check your site for hacked content
- Stay up to date on new releases
A copy of the Joomla notice is set out below:
Google has detected that your site is currently running Joomla 1.5, an older version of Joomla. Outdated or unpatched software can be vulnerable to hacking and malware exploits that harm potential visitors to your site. Therefore, we suggest you update the software on your site as soon as possible.
Again, similar recommendations were made at the end of the notice.