Building sophisticated websites is pretty easy these days. Whatever you want (blog, forum, eCommerce solution, picture gallery, video sharing site, or even your own social network) – there is a free third party script that you can use to build your site in a matter of hours.
However this ease comes at a price. Unfortunately, no software is perfect. Hackers have a great incentive to find vulnerabilities in popular scripts – if they find a security hole, they can exploit thousands (and sometimes even millions) of websites that use the buggy script. And the fact that most popular script are free Open Source software helps hackers immensely.
If you are using third party scripts, the rule of thumb is to upgrade as soon as a new version or security patch is available. Go to the vendor’s site and check if a new version is available. Subscribe to mailing lists or RSS feeds to be notified about upgrades and security issues of current versions.
If, for some reason, you prefer not to upgrade (bad idea), at least make sure the version you use doesn’t have known vulnerabilities.
I’ve compiled a list of links to information about known vulnerabilities for a few popular scripts:
Be proactive. If you have to use third party scripts, make sure they are secure and up-to-date. Don’t let your laziness ruin your site, your online business, and your reputation.