"urgent" notices from MDD

[billhector]

My inbox just got flooded with "urgent" notices about out dated WordPress installations. Okay, I get it. But I'm wondering how useful it is to send these emails to the reseller and not the specific account admin. Because unless I then go and email each of these individuals, nothing gets done. Why not deal with the person who installed WordPress in the first place?

 

OR, if that doesn't work (I understand you might want to leave communication to the reseller), how about adjusting the tone and content of the emails? First, take the tone down a notch. The world isn't ending. In some cases, "URGENT" seems a little much. I received one notice saying that a 3.5 WordPress was out of date -- URGENT! Well, I guess it's out of date. WordPress is now at 3.5.1.

 

Also, the email sent to resellers is written as we've never heard of WordPress. We get it. Updates good. Old bad. Why not write a 100 word email with links to resources. Done.

 

Or you can keep doing what you're doing ...

[Dean]

In a way it is urgent as i have come across a lot of people that have had there wordpress hacked and what not!

 

There are reasons for the update.

 

I too got these emails - it is good to see they are keeping an eye on us and making sure everything is running as it should.

 

I just sent an email to every client i have with an outdated wordpress, MDD email us We email our clients.

 

Job Done

[Scott]

Hello Bill,

 

I agree that our scripts for notifying resellers could be greartly improved (ex: 1 email in total showing every URL and username instead of seperate emails for each username), but this would require a significant rewrite of our detection and notification script. For the time being, we do have other priority projects, so this isn't likely to get changed soon. Notifying your clients of the outdated scripts, getting them to update, and getting them to check for updates regularly will not only reduce these notices in the future, but will reduce the dreaded account compromised notices/suspensions that we would send to you when one of your sub accounts gets hacked.

 

I do want to be very clear on one topic though... We NEVER contact a resellers clients directly. There are a few reasons for this: Practically, the only means of contact we might have would be the contact address in cPanel. From a business standpoint, most resellers would be very upset if did try to communicate directly with their clients as it could be seen as trying to steal their client from them. Additionally, resellers do get resources quite a bit cheaper than our regular clients and one reason for this is because you provide support to your own clients and we don't.

 

Lastly. WordPress 3.5 has known vulnerabilities and sites running this version are being compromised. We chose to notify everyone with outdated scripts because we have seen a rise in recent compromises. An ounce of prevention is worth a pound of cure, as they say. Our script only checks for installtions older than current and doesn't differentiate between a site running 3.5 and a site running 2.x or 3.4.

 

Known WordPress vulnerabilities... Including 3.5:

http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/

http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/Wordpress-Wordpress.html